62,254
社区成员
发帖
与我相关
我的任务
分享关于注册页面的问题,在线急等!
我刚学ASP.NET,我想学习下参数方式提交,这样可避免人家注入,可是不知道代码该怎么写,这是我的后台代码,帮忙改成参数方式提交的代码,我学习参考下,谢谢了。
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.Common;
using System.Data.SqlClient;
public partial class Register : System.Web.UI.Page
{
protected void Page_Load(object sender, System.EventArgs e)
{
}
protected void ButtonOK_Click(object sender, System.EventArgs e)
{
String strCon = "server=(local);uid=sa;pwd=xxxx; database=xxxxxxx";
SqlConnection con = new SqlConnection(strCon);
con.Open();
string sql = "Insert into LoginAdmin(LoginName,UserName,Password,Email,question) values('" + TextBoxLoginName.Text + "','" + TextBoxUserName.Text + "','" + TextBoxPassword.Text + "','" + TextBoxEmail.Text + "','" + TextBoxquestion.Text + "')";
SqlCommand cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();
Response.Write("<Script Language=JavaScript>alert(\"注册成功!\")</Script>");
Session["LoginName"] = TextBoxLoginName.Text;
Response.Redirect("Login.aspx");
con.Close();
}
}
顺便再问下,我能不能通过别的方法统一调用SQL数据库,这样String strCon = "server=(local);uid=sa;pwd=xxxx; database=xxxxxxx";
太复杂了,能解决吗?
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.Common;
using System.Data.SqlClient;
public partial class Register : System.Web.UI.Page
{
protected void Page_Load(object sender, System.EventArgs e)
{
}
protected void ButtonOK_Click(object sender, System.EventArgs e)
{
String strCon = "server=(local);uid=sa;pwd=xxxx; database=xxxxxxx";
SqlConnection con = new SqlConnection(strCon);
con.Open();
string sql = "Insert into LoginAdmin(LoginName,UserName,Password,Email,question) values('" + TextBoxLoginName.Text + "','" + TextBoxUserName.Text + "','" + TextBoxPassword.Text + "','" + TextBoxEmail.Text + "','" + TextBoxquestion.Text + "')";
SqlCommand cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();
Response.Write("<Script Language=JavaScript>alert(\"注册成功!\")</Script>");
Session["LoginName"] = TextBoxLoginName.Text;
Response.Redirect("Login.aspx");
con.Close();
}
}
顺便再问下,我能不能通过别的方法统一调用SQL数据库,这样String strCon = "server=(local);uid=sa;pwd=xxxx; database=xxxxxxx";
太复杂了,能解决吗?
...全文
请发表友善的回复…
发表回复
ttl5688 2009-12-09
- 打赏
- 举报
[Quote=引用 15 楼 tao_jile 的回复:]
错误很明显 必须声明标量变量 "@LoginName"
[/Quote]
怎么声明?指点下好吗?我不知道怎么声明。。。
错误很明显 必须声明标量变量 "@LoginName"
[/Quote]
怎么声明?指点下好吗?我不知道怎么声明。。。
kart15 2009-12-07
- 打赏
- 举报
你加个[],或者这个字段设置有问题
tao_jile 2009-12-07
- 打赏
- 举报
错误很明显 必须声明标量变量 "@LoginName"
伴老思源 2009-12-07
- 打赏
- 举报
[Quote=引用 10 楼 ttl5688 的回复:]
参数谁会啊?我现在这报错是 必须声明标量变量 "@LoginName"。 需要怎么改啊?谁来帮我下,后台代码
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.Common;
using System.Data.SqlClient;
public partial class Register : System.Web.UI.Page
{
protected void Page_Load(object sender, System.EventArgs e)
{
}
protected void ButtonOK_Click(object sender, System.EventArgs e)
{
String strCon = "server=(local);uid=sa;pwd=XXXX; database=XXXXXX";
SqlConnection con = new SqlConnection(strCon);
con.Open();
string sql = "select * from LoginAdmin where LoginName='" + TextBoxLoginName.Text + "'";
SqlCommand cmd = new SqlCommand(sql, con);
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read()) //如果用户存在
{
Response.Write(" <Script Language=JavaScript>alert(\"该用户已存在!\") </Script>");
return;
}
else
{
reader.Close();
sql = "Insert into LoginAdmin(LoginName,UserName,Password,Email,question) values(@LoginName,@UserName,@Password,@Email,@question)";
cmd.Parameters.Add(new SqlParameter("@LoginName", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@UserName", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@Password", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@Email", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@question", SqlDbType.VarChar, 50));
cmd.Parameters["@LoginName"].Value = TextBoxLoginName.Text;
cmd.Parameters["@UserName"].Value = TextBoxUserName.Text;
cmd.Parameters["@Password"].Value = TextBoxPassword.Text;
cmd.Parameters["@Email"].Value = TextBoxEmail.Text;
cmd.Parameters["@question"].Value = TextBoxquestion.Text;
cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();
Response.Write(" <Script Language=JavaScript>alert(\"注册成功!\") </Script>");
Session["LoginName"] = TextBoxLoginName.Text;
Response.Redirect("Login.aspx");
}
con.Close();
}
}
这该怎么改啊?
[/Quote]
看一下TextBoxLoginName.Text是否为DBNull ~
参数谁会啊?我现在这报错是 必须声明标量变量 "@LoginName"。 需要怎么改啊?谁来帮我下,后台代码
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.Common;
using System.Data.SqlClient;
public partial class Register : System.Web.UI.Page
{
protected void Page_Load(object sender, System.EventArgs e)
{
}
protected void ButtonOK_Click(object sender, System.EventArgs e)
{
String strCon = "server=(local);uid=sa;pwd=XXXX; database=XXXXXX";
SqlConnection con = new SqlConnection(strCon);
con.Open();
string sql = "select * from LoginAdmin where LoginName='" + TextBoxLoginName.Text + "'";
SqlCommand cmd = new SqlCommand(sql, con);
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read()) //如果用户存在
{
Response.Write(" <Script Language=JavaScript>alert(\"该用户已存在!\") </Script>");
return;
}
else
{
reader.Close();
sql = "Insert into LoginAdmin(LoginName,UserName,Password,Email,question) values(@LoginName,@UserName,@Password,@Email,@question)";
cmd.Parameters.Add(new SqlParameter("@LoginName", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@UserName", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@Password", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@Email", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@question", SqlDbType.VarChar, 50));
cmd.Parameters["@LoginName"].Value = TextBoxLoginName.Text;
cmd.Parameters["@UserName"].Value = TextBoxUserName.Text;
cmd.Parameters["@Password"].Value = TextBoxPassword.Text;
cmd.Parameters["@Email"].Value = TextBoxEmail.Text;
cmd.Parameters["@question"].Value = TextBoxquestion.Text;
cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();
Response.Write(" <Script Language=JavaScript>alert(\"注册成功!\") </Script>");
Session["LoginName"] = TextBoxLoginName.Text;
Response.Redirect("Login.aspx");
}
con.Close();
}
}
这该怎么改啊?
[/Quote]
看一下TextBoxLoginName.Text是否为DBNull ~
伴老思源 2009-12-07
- 打赏
- 举报
[Quote=引用 5 楼 bdqnmhm 的回复:]
public DataTable ExecuteDateSet(string sql)
{
DataSet ds = new DataSet();
SqlCommand comm = new SqlCommand(sql, Connection);
SqlDataAdapter adapter = new SqlDataAdapter(comm);
adapter.Fill(ds);
return ds.Tables[0];
}
public DataTable ExecuteDateSet(string sql, params SqlParameter[] values)
{
DataSet ds = new DataSet();
SqlCommand comm = new SqlCommand(sql, Connection);
comm.Parameters.AddRange(values);
SqlDataAdapter da = new SqlDataAdapter(comm);
da.Fill(ds);
return ds.Tables[0];
}
[/Quote]
这返回的是一个DataTable,没必要在方法里是使用DataSet~
public DataTable ExecuteDateSet(string sql)
{
DataSet ds = new DataSet();
SqlCommand comm = new SqlCommand(sql, Connection);
SqlDataAdapter adapter = new SqlDataAdapter(comm);
adapter.Fill(ds);
return ds.Tables[0];
}
public DataTable ExecuteDateSet(string sql, params SqlParameter[] values)
{
DataSet ds = new DataSet();
SqlCommand comm = new SqlCommand(sql, Connection);
comm.Parameters.AddRange(values);
SqlDataAdapter da = new SqlDataAdapter(comm);
da.Fill(ds);
return ds.Tables[0];
}
[/Quote]
这返回的是一个DataTable,没必要在方法里是使用DataSet~
z109214114 2009-12-07
- 打赏
- 举报
学习了......
ttl5688 2009-12-07
- 打赏
- 举报
帮忙看看谁能给出个正确答案?
NY2T93 2009-12-06
- 打赏
- 举报
对连接数据库字符串进行加密就OK了
ttl5688 2009-12-06
- 打赏
- 举报
高手来看看啊,在线等啊,非常感谢,自己顶上去
ttl5688 2009-12-06
- 打赏
- 举报
cmd.ExecuteNonQuery();报错是:必须声明标量变量 "@LoginName"。这样该怎么改呢?非常感谢高手的指点!
ttl5688 2009-12-06
- 打赏
- 举报
楼上的高手,我是初学者。。。。。。看不大明白,还往加点注解,非常感谢
bdqnmhm 2009-12-06
- 打赏
- 举报
using System;
using System.Collections.Generic;
using System.Text;
using System.Data.SqlClient;
using System.Data;
using System.Configuration;
namespace AptechSystem.DAL
{
public class DBHelper
{
private string connString = ConfigurationManager.ConnectionStrings["connString"].ConnectionString;//获取数据连接字符串
private SqlConnection conn;//创建数据库连接对象
public SqlConnection Connection
{
get
{
if (conn == null)
{
conn = new SqlConnection(connString);
conn.Open();
}
else
if (conn.State == System.Data.ConnectionState.Closed)
{
conn.Open();
}
else
if (conn.State == System.Data.ConnectionState.Broken)
{
conn.Close();
conn.Open();
}
return conn;
}
}
public int ExecuteCommand(params SqlParameter[] values)
{
SqlCommand cmd = new SqlCommand();
cmd.Connection = Connection;
cmd.CommandText = "Pro_UpdateBooksCatagory";
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddRange(values);
int result = cmd.ExecuteNonQuery();
return result;
}
public int ExecuteCommand(string sql)
{
try
{
SqlCommand comm = new SqlCommand(sql, Connection);
return comm.ExecuteNonQuery();
}
catch (Exception)
{
throw;
}
finally
{
conn.Close();
}
}
public int GetScalar(params SqlParameter[] values)
{
SqlCommand cmd = new SqlCommand();
cmd.Connection = Connection;
cmd.CommandText = "Pro_InsertOrder";
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddRange(values);
int result = Convert.ToInt32(cmd.ExecuteScalar());
return result;
}
public int GetScalar(string sql, params SqlParameter[] values)
{
SqlCommand cmd = new SqlCommand(sql, Connection);
cmd.Parameters.AddRange(values);
int result = Convert.ToInt32(cmd.ExecuteScalar());
return result;
}
public int ExecuteCommand(string sql, params SqlParameter[] values)
{
SqlCommand comm = new SqlCommand(sql, Connection);
comm.Parameters.AddRange(values);
int result = comm.ExecuteNonQuery();
return result;
}
public int ExecuteScalar(params SqlParameter[] values)
{
SqlCommand comm = new SqlCommand();
comm.Connection = Connection;
comm.CommandText = "Pro_UpdateBooksCatagory";
comm.CommandType = CommandType.StoredProcedure;
comm.Parameters.AddRange(values);
return 1;
}
public int ExecuteScalar(string sql)
{
int result;
SqlCommand comm = new SqlCommand(sql, Connection);
if (comm.ExecuteScalar() == null)
{
result = 0;
}
else
{
result = (int)comm.ExecuteScalar();
}
conn.Close();
return result;
}
public int ExecuteScalar(string sql, params SqlParameter[] values)
{
SqlCommand comm = new SqlCommand(sql, Connection);
comm.Parameters.AddRange(values);
int result = (int)comm.ExecuteScalar();
conn.Close();
return result;
}
public SqlDataReader ExecuteReader(string sql)
{
SqlCommand comm = new SqlCommand(sql, Connection);
SqlDataReader dataReader = comm.ExecuteReader();
return dataReader;
}
public SqlDataReader ExecuteReader(string sql, params SqlParameter[] values)
{
SqlCommand comm = new SqlCommand(sql, Connection);
comm.Parameters.AddRange(values);
SqlDataReader dataReader = comm.ExecuteReader();
return dataReader;
}
public DataTable ExecuteDateSet(string sql)
{
DataSet ds = new DataSet();
SqlCommand comm = new SqlCommand(sql, Connection);
SqlDataAdapter adapter = new SqlDataAdapter(comm);
adapter.Fill(ds);
return ds.Tables[0];
}
public DataTable ExecuteDateSet(string sql, params SqlParameter[] values)
{
DataSet ds = new DataSet();
SqlCommand comm = new SqlCommand(sql, Connection);
comm.Parameters.AddRange(values);
SqlDataAdapter da = new SqlDataAdapter(comm);
da.Fill(ds);
return ds.Tables[0];
}
}
}
using System.Collections.Generic;
using System.Text;
using System.Data.SqlClient;
using System.Data;
using System.Configuration;
namespace AptechSystem.DAL
{
public class DBHelper
{
private string connString = ConfigurationManager.ConnectionStrings["connString"].ConnectionString;//获取数据连接字符串
private SqlConnection conn;//创建数据库连接对象
public SqlConnection Connection
{
get
{
if (conn == null)
{
conn = new SqlConnection(connString);
conn.Open();
}
else
if (conn.State == System.Data.ConnectionState.Closed)
{
conn.Open();
}
else
if (conn.State == System.Data.ConnectionState.Broken)
{
conn.Close();
conn.Open();
}
return conn;
}
}
public int ExecuteCommand(params SqlParameter[] values)
{
SqlCommand cmd = new SqlCommand();
cmd.Connection = Connection;
cmd.CommandText = "Pro_UpdateBooksCatagory";
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddRange(values);
int result = cmd.ExecuteNonQuery();
return result;
}
public int ExecuteCommand(string sql)
{
try
{
SqlCommand comm = new SqlCommand(sql, Connection);
return comm.ExecuteNonQuery();
}
catch (Exception)
{
throw;
}
finally
{
conn.Close();
}
}
public int GetScalar(params SqlParameter[] values)
{
SqlCommand cmd = new SqlCommand();
cmd.Connection = Connection;
cmd.CommandText = "Pro_InsertOrder";
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddRange(values);
int result = Convert.ToInt32(cmd.ExecuteScalar());
return result;
}
public int GetScalar(string sql, params SqlParameter[] values)
{
SqlCommand cmd = new SqlCommand(sql, Connection);
cmd.Parameters.AddRange(values);
int result = Convert.ToInt32(cmd.ExecuteScalar());
return result;
}
public int ExecuteCommand(string sql, params SqlParameter[] values)
{
SqlCommand comm = new SqlCommand(sql, Connection);
comm.Parameters.AddRange(values);
int result = comm.ExecuteNonQuery();
return result;
}
public int ExecuteScalar(params SqlParameter[] values)
{
SqlCommand comm = new SqlCommand();
comm.Connection = Connection;
comm.CommandText = "Pro_UpdateBooksCatagory";
comm.CommandType = CommandType.StoredProcedure;
comm.Parameters.AddRange(values);
return 1;
}
public int ExecuteScalar(string sql)
{
int result;
SqlCommand comm = new SqlCommand(sql, Connection);
if (comm.ExecuteScalar() == null)
{
result = 0;
}
else
{
result = (int)comm.ExecuteScalar();
}
conn.Close();
return result;
}
public int ExecuteScalar(string sql, params SqlParameter[] values)
{
SqlCommand comm = new SqlCommand(sql, Connection);
comm.Parameters.AddRange(values);
int result = (int)comm.ExecuteScalar();
conn.Close();
return result;
}
public SqlDataReader ExecuteReader(string sql)
{
SqlCommand comm = new SqlCommand(sql, Connection);
SqlDataReader dataReader = comm.ExecuteReader();
return dataReader;
}
public SqlDataReader ExecuteReader(string sql, params SqlParameter[] values)
{
SqlCommand comm = new SqlCommand(sql, Connection);
comm.Parameters.AddRange(values);
SqlDataReader dataReader = comm.ExecuteReader();
return dataReader;
}
public DataTable ExecuteDateSet(string sql)
{
DataSet ds = new DataSet();
SqlCommand comm = new SqlCommand(sql, Connection);
SqlDataAdapter adapter = new SqlDataAdapter(comm);
adapter.Fill(ds);
return ds.Tables[0];
}
public DataTable ExecuteDateSet(string sql, params SqlParameter[] values)
{
DataSet ds = new DataSet();
SqlCommand comm = new SqlCommand(sql, Connection);
comm.Parameters.AddRange(values);
SqlDataAdapter da = new SqlDataAdapter(comm);
da.Fill(ds);
return ds.Tables[0];
}
}
}
ttl5688 2009-12-06
- 打赏
- 举报
请问一下,我把代码改成下面的代码了:
sql = "Insert into LoginAdmin(LoginName,UserName,Password,Email,question) values(@LoginName,@UserName,@Password,@Email,@question)";
cmd.Parameters.Add(new SqlParameter("@LoginName", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@UserName", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@Password", SqlDbType.VarChar, 20));
cmd.Parameters.Add(new SqlParameter("@Email", SqlDbType.VarChar, 100));
cmd.Parameters.Add(new SqlParameter("@questio", SqlDbType.VarChar, 100));
cmd.Parameters["@LoginName"].Value = TextBoxLoginName.Text;
cmd.Parameters["@UserName"].Value = TextBoxUserName.Text;
cmd.Parameters["@Password"].Value = TextBoxPassword.Text;
cmd.Parameters["@Email"].Value = TextBoxEmail.Text;
cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();
Response.Write("<Script Language=JavaScript>alert(\"注册成功!\")</Script>");
Session["LoginName"] = TextBoxLoginName.Text;
Response.Redirect("Login.aspx");
虽然能调试但是在:
cmd.ExecuteNonQuery();报错是:必须声明标量变量 "@LoginName"。这样该咱们改呢?谢谢了,谢谢了
sql = "Insert into LoginAdmin(LoginName,UserName,Password,Email,question) values(@LoginName,@UserName,@Password,@Email,@question)";
cmd.Parameters.Add(new SqlParameter("@LoginName", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@UserName", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@Password", SqlDbType.VarChar, 20));
cmd.Parameters.Add(new SqlParameter("@Email", SqlDbType.VarChar, 100));
cmd.Parameters.Add(new SqlParameter("@questio", SqlDbType.VarChar, 100));
cmd.Parameters["@LoginName"].Value = TextBoxLoginName.Text;
cmd.Parameters["@UserName"].Value = TextBoxUserName.Text;
cmd.Parameters["@Password"].Value = TextBoxPassword.Text;
cmd.Parameters["@Email"].Value = TextBoxEmail.Text;
cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();
Response.Write("<Script Language=JavaScript>alert(\"注册成功!\")</Script>");
Session["LoginName"] = TextBoxLoginName.Text;
Response.Redirect("Login.aspx");
虽然能调试但是在:
cmd.ExecuteNonQuery();报错是:必须声明标量变量 "@LoginName"。这样该咱们改呢?谢谢了,谢谢了
lxiron 2009-12-06
- 打赏
- 举报
在config中写个连接字符串。
hitlcyu19 2009-12-06
- 打赏
- 举报
将"server=(local);uid=sa;pwd=xxxx; database=xxxxxxx"放到配置文件中 然后configurationsettings.appsettings["str"]调用出来即可 然后sql的insert1楼写的很明白了
wuyq11 2009-12-06
- 打赏
- 举报
使用数据库操作类如sqlhelper
string sql = "Insert into LoginAdmin(LoginName,UserName,Password,Email,question) values(@LoginName,@UserName,@Password,@Email,@question)";
cmd .Parameters.Add(new SqlParameter("@LoginName", SqlDbType.VarChar,50));
cmd.Parameters.Add(new SqlParameter("@UserName", SqlDbType.VarChar,50));
cmd.Parameters.Add(new SqlParameter("@Password", SqlDbType.VarChar,20));
cmd.Parameters.Add(new SqlParameter("@Email", SqlDbType.VarChar,100));
cmd.Parameters.Add(new SqlParameter("@questio", SqlDbType.VarChar,100));
cmd.Parameters["@LoginName"].Value = TextBoxLoginName.Text ;
cmd.Parameters["@UserName"].Value = TextBoxUserName.Text ;
cmd.Parameters["@Password"].Value = TextBoxPassword.Text;
cmd .Parameters["@Email"].Value = TextBoxEmail.Text;
string sql = "Insert into LoginAdmin(LoginName,UserName,Password,Email,question) values(@LoginName,@UserName,@Password,@Email,@question)";
cmd .Parameters.Add(new SqlParameter("@LoginName", SqlDbType.VarChar,50));
cmd.Parameters.Add(new SqlParameter("@UserName", SqlDbType.VarChar,50));
cmd.Parameters.Add(new SqlParameter("@Password", SqlDbType.VarChar,20));
cmd.Parameters.Add(new SqlParameter("@Email", SqlDbType.VarChar,100));
cmd.Parameters.Add(new SqlParameter("@questio", SqlDbType.VarChar,100));
cmd.Parameters["@LoginName"].Value = TextBoxLoginName.Text ;
cmd.Parameters["@UserName"].Value = TextBoxUserName.Text ;
cmd.Parameters["@Password"].Value = TextBoxPassword.Text;
cmd .Parameters["@Email"].Value = TextBoxEmail.Text;
ttl5688 2009-12-06
- 打赏
- 举报
参数谁会啊?我现在这报错是 必须声明标量变量 "@LoginName"。 需要怎么改啊?谁来帮我下,后台代码
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.Common;
using System.Data.SqlClient;
public partial class Register : System.Web.UI.Page
{
protected void Page_Load(object sender, System.EventArgs e)
{
}
protected void ButtonOK_Click(object sender, System.EventArgs e)
{
String strCon = "server=(local);uid=sa;pwd=XXXX; database=XXXXXX";
SqlConnection con = new SqlConnection(strCon);
con.Open();
string sql = "select * from LoginAdmin where LoginName='" + TextBoxLoginName.Text + "'";
SqlCommand cmd = new SqlCommand(sql, con);
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read()) //如果用户存在
{
Response.Write("<Script Language=JavaScript>alert(\"该用户已存在!\")</Script>");
return;
}
else
{
reader.Close();
sql = "Insert into LoginAdmin(LoginName,UserName,Password,Email,question) values(@LoginName,@UserName,@Password,@Email,@question)";
cmd.Parameters.Add(new SqlParameter("@LoginName", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@UserName", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@Password", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@Email", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@question", SqlDbType.VarChar, 50));
cmd.Parameters["@LoginName"].Value = TextBoxLoginName.Text;
cmd.Parameters["@UserName"].Value = TextBoxUserName.Text;
cmd.Parameters["@Password"].Value = TextBoxPassword.Text;
cmd.Parameters["@Email"].Value = TextBoxEmail.Text;
cmd.Parameters["@question"].Value = TextBoxquestion.Text;
cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();
Response.Write("<Script Language=JavaScript>alert(\"注册成功!\")</Script>");
Session["LoginName"] = TextBoxLoginName.Text;
Response.Redirect("Login.aspx");
}
con.Close();
}
}
这该怎么改啊?
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.Common;
using System.Data.SqlClient;
public partial class Register : System.Web.UI.Page
{
protected void Page_Load(object sender, System.EventArgs e)
{
}
protected void ButtonOK_Click(object sender, System.EventArgs e)
{
String strCon = "server=(local);uid=sa;pwd=XXXX; database=XXXXXX";
SqlConnection con = new SqlConnection(strCon);
con.Open();
string sql = "select * from LoginAdmin where LoginName='" + TextBoxLoginName.Text + "'";
SqlCommand cmd = new SqlCommand(sql, con);
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read()) //如果用户存在
{
Response.Write("<Script Language=JavaScript>alert(\"该用户已存在!\")</Script>");
return;
}
else
{
reader.Close();
sql = "Insert into LoginAdmin(LoginName,UserName,Password,Email,question) values(@LoginName,@UserName,@Password,@Email,@question)";
cmd.Parameters.Add(new SqlParameter("@LoginName", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@UserName", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@Password", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@Email", SqlDbType.VarChar, 50));
cmd.Parameters.Add(new SqlParameter("@question", SqlDbType.VarChar, 50));
cmd.Parameters["@LoginName"].Value = TextBoxLoginName.Text;
cmd.Parameters["@UserName"].Value = TextBoxUserName.Text;
cmd.Parameters["@Password"].Value = TextBoxPassword.Text;
cmd.Parameters["@Email"].Value = TextBoxEmail.Text;
cmd.Parameters["@question"].Value = TextBoxquestion.Text;
cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();
Response.Write("<Script Language=JavaScript>alert(\"注册成功!\")</Script>");
Session["LoginName"] = TextBoxLoginName.Text;
Response.Redirect("Login.aspx");
}
con.Close();
}
}
这该怎么改啊?
