我写了下面这段代码,是更改用户密码的,不使用类,直接调用数据库,但运行的时候会出问题,请高手指教,
在if(reader.read())后面,要怎么写才能把nPassword1.text.Trim()的数据,更新到数据库里面。
using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;public partial class editpwd : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{ } protected void editpwdBtn_Click(object sender, EventArgs e)
{
string cn;
cn = "Data Source=(Local);Initial Catalog=wohua;Integrated Security=True";
string UPDATE;
UPDATE = "UPDATE dbo.LoadUser SET UserPwd=";
string sql = UPDATE + "'" + nPassword1 + "' WHERE UserName ='" + Username.Text + "' and UserPwd = '" + Password.Text + "'";
//创建链接
SqlConnection connection = new SqlConnection(cn);
SqlCommand command = new SqlCommand(
sql, connection);
SqlDataReader reader = null;
try
{
connection.Open();
reader = command.ExecuteReader();
if (reader.Read()) //这里已经在sql语句中把用户名密码及用户输入的数据进行对比
{
command.GetType="update odb.LoadUser set password='"+nPassword1.Text.Trim()+"'";
Message1.Text="修改成功";
}
else
{
Message1.Text="用户名或密码错误";
}
}
catch { }
finally
{
connection.Close();
}
} protected void backBtn_Click(object sender, EventArgs e)
{ //按返回键退回到主页面
Response.Redirect("welcome.aspx"); }
}
在if(reader.read())后面,要怎么写才能把nPassword1.text.Trim()的数据,更新到数据库里面。
using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;public partial class editpwd : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{ } protected void editpwdBtn_Click(object sender, EventArgs e)
{
string cn;
cn = "Data Source=(Local);Initial Catalog=wohua;Integrated Security=True";
string UPDATE;
UPDATE = "UPDATE dbo.LoadUser SET UserPwd=";
string sql = UPDATE + "'" + nPassword1 + "' WHERE UserName ='" + Username.Text + "' and UserPwd = '" + Password.Text + "'";
//创建链接
SqlConnection connection = new SqlConnection(cn);
SqlCommand command = new SqlCommand(
sql, connection);
SqlDataReader reader = null;
try
{
connection.Open();
reader = command.ExecuteReader();
if (reader.Read()) //这里已经在sql语句中把用户名密码及用户输入的数据进行对比
{
command.GetType="update odb.LoadUser set password='"+nPassword1.Text.Trim()+"'";
Message1.Text="修改成功";
}
else
{
Message1.Text="用户名或密码错误";
}
}
catch { }
finally
{
connection.Close();
}
} protected void backBtn_Click(object sender, EventArgs e)
{ //按返回键退回到主页面
Response.Redirect("welcome.aspx"); }
}
string UPDATE;
UPDATE = "UPDATE dbo.LoadUser SET UserPwd=";
string sql = UPDATE + "'" + nPassword1 + "' WHERE UserName ='" + Username.Text + "' and UserPwd = '" + Password.Text + "'";
nPassword1 <-- 这个是什么,应该是 nPassword1.text.Trim()而且如果只是更新不需要用到DataReader,直接Cmd.ExecuteNoQuery 就OK
检查SQL语句吧
如果在sql语句里面,直接用nPassword1.text.trim(),就会存在随便什么用户名,都会把密码改掉了
你对于这句话的理解完全错了,这只是一个指向问题
它每次到数据库中会指向最上面一行的数据,如果有这一行就执行IF下的语句
你不能写成这样吗?string sql = sql.format(update dbo.LoadUser set UserPwd='{0}' where UserName='{1}'
and UserPwd = '{2}'),nPassword1,Username.Text,Password.Text;
//要注意SqlDataReader的释放。
if (reader.Read()) //这里已经在sql语句中把用户名密码及用户输入的数据进行对比
{
//我不知道,这句的意义何在? command.GetType="update odb.LoadUser set password='"+nPassword1.Text.Trim()+"'";
Message1.Text="修改成功";
}
else
{
Message1.Text="用户名或密码错误";
}