<% response.buffer=true%>
<%myname=request.form("username")
mypassword=request.form("userpassword")
connectme="DSN=ctk;uid=dba;pwd=sql"
sqltem="select * from usergroup where username='"
sqltem=sqltem&myname&"'"
response.write sqltem
set rstemp=server.createobject("adodb.recordset")
rstemp.cachesize=5
rstemp.open sqltem,connectme
if rstemp.eof then%>
用户名<%=mynam%>不存在<br>
请<a href='login.asp'>重新登录</a>
<%response.end
end if
if rstemp("password")=mypassword then
session("name")=rstemp("username")
response.redirect"query_input.asp"
response.end
else%>
口令错误<br>
请<a href='login.asp'>重新登录</a>
<%response.end
end if
rstemp.close
set rstemp=nothing
%>
这是我的那段代码! 是不是有什么地方有问题?
'这是我刚写的一个函数,用户名中中不得含有非法字符情况,如'号
Sub Check_User(databasepath)
Set Conn=Server.CreateObject("ADODB.Connection")
Conn_Open(databasepath)
If Trim(session("UserName"))<>"" Then
Set Rs=Server.CreateObject("Adodb.RecordSet")
SQLStr="Select * From tbl_employee Where emp_account='"&session("UserName")&"' and id="&session("id")
Rs.Open SQLStr,Conn,1,1
If Rs.EOF Then
Response.Write "非法用户,请重新登录"
Response.End
End If
Else
Response.Write "非法用户,请重新登录"
Response.End
End If
End Sub