62,041
社区成员
发帖
与我相关
我的任务
分享登录验证用户名和密码怎么写
登录验证用户名和密码怎么写,写了一块不对哪位能改一下。
if (TextBox1.Text != "" && TextBox2.Text != "")
{
string cmdText = "SELECT UserName FROM OfficeAutoDB";
SqlConnection conn = new SqlConnection(connStr);
conn.Open();
SqlCommand cmd = new SqlCommand(cmdText, conn);
SqlDataReader Rd = cmd.ExecuteReader();
string PName = Rd.ToString();
if (TextBox1.Text == PName)
{
Response.Write("<script> alert('dfsf')</script>");
}
Rd.Close();
conn.Close();
}
else
{
Response.Write("<sciprt>alert('用户名和密码不能为空!')</script>");
}
if (TextBox1.Text != "" && TextBox2.Text != "")
{
string cmdText = "SELECT UserName FROM OfficeAutoDB";
SqlConnection conn = new SqlConnection(connStr);
conn.Open();
SqlCommand cmd = new SqlCommand(cmdText, conn);
SqlDataReader Rd = cmd.ExecuteReader();
string PName = Rd.ToString();
if (TextBox1.Text == PName)
{
Response.Write("<script> alert('dfsf')</script>");
}
Rd.Close();
conn.Close();
}
else
{
Response.Write("<sciprt>alert('用户名和密码不能为空!')</script>");
}
...全文
请发表友善的回复…
发表回复
jxf654 2007-02-20
- 打赏
- 举报
up
qufo 2007-02-19
- 打赏
- 举报
同意楼上.
放着好的不用.
放着好的不用.
cqdyh 2007-02-16
- 打赏
- 举报
查询 SQL 参数设置
string sqlLogin = "SELECT * FROM [User] WHERE ([flag]=1) AND ([LoginName]=@LoginName)";
System.Data.SqlClient.SqlCommand sqlCmdObj = new System.Data.SqlClient.SqlCommand(sqlLogin);
sqlCmdObj.Parameters.Add("@LoginName", System.Data.SqlDbType.NVarChar, 64).Value=loginName;
其它的上面都说得很清楚了.
string sqlLogin = "SELECT * FROM [User] WHERE ([flag]=1) AND ([LoginName]=@LoginName)";
System.Data.SqlClient.SqlCommand sqlCmdObj = new System.Data.SqlClient.SqlCommand(sqlLogin);
sqlCmdObj.Parameters.Add("@LoginName", System.Data.SqlDbType.NVarChar, 64).Value=loginName;
其它的上面都说得很清楚了.
W清风大侠M 2007-02-16
- 打赏
- 举报
if (TextBox1.Text != "" && TextBox2.Text != "")
{
string cmdText = "SELECT UserName FROM OfficeAutoDB WHERE UserID = '"+TextBox1.Text.Trim()+"' AND Password = '"+TextBox2.Text .Trim()+"'";
SqlConnection conn = new SqlConnection(connStr);
conn.Open();
SqlCommand cmd = new SqlCommand(cmdText, conn);
SqlDataReader Rd = cmd.ExecuteReader();
if(Rd.Read()){
string PName = Rd.GetValue(0).ToString();
Response.Write("<script> alert('dfsf')</script>");
Rd.Close();
conn.Close();
}
else
{
Response.Write("<sciprt>alert('用户名和密码不能为空!')</script>");
}
{
string cmdText = "SELECT UserName FROM OfficeAutoDB WHERE UserID = '"+TextBox1.Text.Trim()+"' AND Password = '"+TextBox2.Text .Trim()+"'";
SqlConnection conn = new SqlConnection(connStr);
conn.Open();
SqlCommand cmd = new SqlCommand(cmdText, conn);
SqlDataReader Rd = cmd.ExecuteReader();
if(Rd.Read()){
string PName = Rd.GetValue(0).ToString();
Response.Write("<script> alert('dfsf')</script>");
Rd.Close();
conn.Close();
}
else
{
Response.Write("<sciprt>alert('用户名和密码不能为空!')</script>");
}
NekChan 2007-02-16
- 打赏
- 举报
你这样返回的 DataReader 也应该 Read() 啊!
多看看 ADO.NET 的書
多看看 ADO.NET 的書
NekChan 2007-02-16
- 打赏
- 举报
SELECT UserName FROM OfficeAutoDB WHERE UserID = '' AND Password = ''
这样很容易被人家注入攻击, 使用参数吧
这样很容易被人家注入攻击, 使用参数吧
wkcode 2007-02-16
- 打赏
- 举报
为什么不用验证控件呢???还可以正则表达试写规则
windowskof99 2007-02-16
- 打赏
- 举报
if (TextBox1.Text != "" && TextBox2.Text != "")
{
string cmdText = "SELECT UserName FROM OfficeAutoDB WHERE UserID = '"+TextBox1.Text.Trim()+"' AND Password = '"+TextBox2.Text .Trim()+"'";
SqlConnection conn = new SqlConnection(connStr);
conn.Open();
SqlCommand cmd = new SqlCommand(cmdText, conn);
SqlDataReader Rd = cmd.ExecuteReader();
if(Rd.Read()){
string PName = Rd.GetString("username字段列号"//从0开始).ToString();
Response.Write("<script> alert('dfsf')</script>");
Rd.Close();
conn.Close();
}
else
{
Response.Write("<sciprt>alert('用户名和密码不能为空!')</script>");
}
{
string cmdText = "SELECT UserName FROM OfficeAutoDB WHERE UserID = '"+TextBox1.Text.Trim()+"' AND Password = '"+TextBox2.Text .Trim()+"'";
SqlConnection conn = new SqlConnection(connStr);
conn.Open();
SqlCommand cmd = new SqlCommand(cmdText, conn);
SqlDataReader Rd = cmd.ExecuteReader();
if(Rd.Read()){
string PName = Rd.GetString("username字段列号"//从0开始).ToString();
Response.Write("<script> alert('dfsf')</script>");
Rd.Close();
conn.Close();
}
else
{
Response.Write("<sciprt>alert('用户名和密码不能为空!')</script>");
}
