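/// <summary>
/// Runs on every page load and performs the failed-login accounting for the
/// account named in <c>Users</c>: freezes the account after more than three
/// recorded failures, resets the counter on a correct password, and increments
/// it on a wrong one.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
    {
        string adminName = Users.Text;
        if (string.IsNullOrEmpty(adminName))
        {
            // Nothing was submitted (e.g. the initial GET): no account to look up.
            return;
        }

        int errNum;
        string passwords;
        int status;

        using (SqlConnection con = new SqlConnection(ConfigurationManager.AppSettings["constr"]))
        {
            con.Open();

            // The user name travels as a parameter, never as part of the SQL text;
            // concatenating Users.Text into the statement allowed SQL injection.
            // The select list now names the columns that are actually read below.
            using (SqlCommand com = new SqlCommand(
                "select adminPwd,errnum,status from [admin_Login] where adminName = @adminName", con))
            {
                com.Parameters.AddWithValue("@adminName", adminName);

                using (SqlDataReader sqldr = com.ExecuteReader())
                {
                    if (!sqldr.Read())
                    {
                        return;
                    }

                    // Read the failure count, stored password and status from the database.
                    errNum = (int)sqldr["errnum"];
                    passwords = sqldr["adminPwd"].ToString();
                    status = (int)sqldr["status"];
                }
            }

            // Each branch picks at most one counter/status update. Every update is
            // scoped to this account: without the adminName filter a single wrong
            // password would touch the counters of every administrator.
            string updateSql = null;

            if (errNum > 3)
            {
                // More than three recorded failures: mark the account as frozen (status = 1).
                Response.Write("<script language='javascript'>alert('您输入密码错误次数超过三次,账号冻结!')</script>");
                updateSql = "update [admin_Login] set status=1 where adminName = @adminName and errNum>3";
            }
            else if (passwords == Pwd.Text.Trim())
            {
                // NOTE(review): this compares the submitted text with the stored value directly,
                // so adminPwd appears to hold clear-text passwords. Storing a salted, slow hash
                // (e.g. PBKDF2) and comparing hashes would need a data migration.
                // NOTE(review): MessageBox is not defined in this listing; if it is
                // System.Windows.Forms.MessageBox it opens a dialog on the server, not in
                // the browser. Confirm.
                if (status == 0)
                {
                    // Status 0 is a valid account: report success and clear the failure counter.
                    MessageBox.Show("登录成功!");
                    updateSql = "update [admin_Login] set errNum=0 where adminName = @adminName and status=0";
                }
                else
                {
                    // Status 1 is a disabled account.
                    MessageBox.Show("您的账号已被河蟹,不能登录!");
                }
            }
            else
            {
                // Wrong password: record one more failure for this account.
                updateSql = "update [admin_Login] set errnum = errnum+1 where adminName = @adminName";
            }

            if (updateSql != null)
            {
                // The original only assigned the statement to a string and never ran it,
                // so the lockout counter was never persisted.
                using (SqlCommand update = new SqlCommand(updateSql, con))
                {
                    update.Parameters.AddWithValue("@adminName", adminName);
                    update.ExecuteNonQuery();
                }
            }
        }
    }

    /// <summary>
    /// Handles the login button: checks the submitted name and password against
    /// <c>admin_Login</c>, and on a match for an active account stores the name in
    /// the session and redirects to the main page.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Click event data (unused).</param>
    protected void imgLogin_Click(object sender, ImageClickEventArgs e)
    {
        // The original wrote an unsalted MD5 of the submitted password into Label1.Text,
        // which places a password-equivalent value in the page state. Nothing in this
        // listing reads it back, so it is no longer produced.
        string username = Users.Text.ToString();
        string password = Pwd.Text.ToString();

        if (username == "" || password == "")
        {
            Response.Write("<script language='javascript'>alert('请输入账号名和密码!')</script>");
            return;
        }

        string authenticatedName = null;

        // Both credentials are bound as parameters instead of being concatenated into
        // the statement. "status = 0" enforces the freeze maintained in Page_Load;
        // previously a frozen account could still sign in here.
        using (SqlConnection conn = new SqlConnection(ConfigurationManager.AppSettings["constr"]))
        using (SqlCommand sqlcmd = new SqlCommand(
            "select adminName from admin_Login where adminName = @adminName and adminPwd = @adminPwd and status = 0", conn))
        {
            sqlcmd.Parameters.AddWithValue("@adminName", username);
            sqlcmd.Parameters.AddWithValue("@adminPwd", password);
            conn.Open();

            using (SqlDataReader dr = sqlcmd.ExecuteReader())
            {
                if (dr.Read())
                {
                    authenticatedName = dr["adminName"].ToString();
                }
            }
        }

        if (authenticatedName != null)
        {
            // The reader and connection are already disposed at this point. In the original
            // the Close() calls came after Response.Redirect and were never reached.
            // NOTE(review): the session id is not rotated at login; confirm whether a fresh
            // session cookie is issued after authentication.
            Session["Users"] = authenticatedName;
            Response.Redirect("../main.aspx");
        }
        else
        {
            Response.Write("<script language='javascript'>alert('用户名或密码不正确!')</script>");
            Users.Text = "";
            Users.Focus();
        }
    }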