用户登陆首页的密码验证问题
做个网页的登陆首页,要输入用户名(username)及密码(password),
看到别人都用dataset方式验证:
DataSet ds = mcObj.ReturnAIDs(txtusername.Text.Trim(), txtpassword.Text.Trim(), "AInfo");
username = Convert.ToInt32(ds.Tables["AInfo"].Rows[0][0].ToString());
或linq方式验证:
DataClassesDataContext DC = new DataClassesDataContext();
var query = from a in DC.Tb_pass where ...;
GridView GV = new GridView();
GV.DataSource = query;
GV.DataBind();
username = Convert.ToString(GV.Rows[0].Cells[0].Text);
我想问下C#能不能直接用执行SELECT语句,把用户名放入变量username?
select username from Tb_Pass where User=Username.Text and Pass=Password.Text;
如果username不为空,即验证成功.
这语句如何写?
还想问下,这样做是否会引起SQL注入式的攻击?