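/// <summary>
/// Login page code-behind. Reads <c>userName</c> / <c>passWord</c> from the POSTed form,
/// checks them against the <c>login</c> table and reports the outcome with a JavaScript alert.
/// </summary>
/// <remarks>
/// Review notes on the previous version of this page:
/// - The credentials were concatenated straight into the SQL text and "protected" only by a
///   keyword blacklist (select/insert/update/...) plus single-quote doubling. A blacklist is not a
///   defence against SQL injection (case changes, comments, alternative statements all bypass it)
///   and it also corrupts legitimate values. The lookup is now parameterised and the blacklist is gone.
/// - The HTML "encoding" replaced characters with themselves (the entity names had been lost), and
///   the null check ran after <c>str.Trim()</c>, so a null argument would have thrown. Both fixed.
/// - <see cref="SqlConnection"/> / <see cref="SqlCommand"/> were never disposed; now wrapped in using.
/// - NOTE(review): the query compares the password column <c>pa</c> directly with the posted
///   password, which implies the table stores plaintext (or otherwise directly comparable)
///   passwords. That cannot be fixed here without the schema; it should move to a salted
///   PBKDF2/Argon2 hash verified in code. TODO confirm with the schema owner.
/// </remarks>
public partial class Login : System.Web.UI.Page
{
    /// <summary>Submitted user name, HTML-encoded so it is safe to emit into the page markup.</summary>
    public string user = string.Empty;
    /// <summary>Submitted password, HTML-encoded. Kept because the original page exposed it; avoid rendering it.</summary>
    public string pwd = string.Empty;
    /// <summary>Message shown on a successful login.</summary>
    public string ok = "nihao,hello";
    /// <summary>Message shown on a failed login.</summary>
    public string err = "over,gun";

    /// <summary>
    /// Handles the page load: when both form fields were posted, looks the credentials up with a
    /// parameterised query and writes an alert containing <see cref="ok"/> or <see cref="err"/>.
    /// Does nothing when either field is absent from the form.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        string rawUser = Request.Form["userName"];
        string rawPwd = Request.Form["passWord"];

        // Display-safe copies for the markup. The raw values, not these, go to the database:
        // output encoding is a rendering concern and must not be mixed into query input.
        user = htmlparse(rawUser);
        pwd = htmlparse(rawPwd);

        // Original behaviour: the lookup runs only when both fields were posted. Presence (non-null),
        // not emptiness, is the criterion, so a blank password still reaches the query as before.
        if (rawUser == null || rawPwd == null)
        {
            return;
        }

        // Parameterised lookup: user input never becomes part of the SQL text.
        const string sqlstr = "select count(*) from login where us=@us and pa=@pa";
        int matches;
        using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["sqlstr"].ConnectionString))
        using (SqlCommand com = new SqlCommand(sqlstr, con))
        {
            // NVarChar is assumed for both columns — confirm against the login table definition;
            // a mismatch costs an implicit conversion, not correctness.
            com.Parameters.Add("@us", SqlDbType.NVarChar).Value = rawUser;
            com.Parameters.Add("@pa", SqlDbType.NVarChar).Value = rawPwd;
            con.Open();
            matches = Convert.ToInt32(com.ExecuteScalar());
        }

        // ok / err are the constants declared above, not user input, so emitting them inside a script
        // block is safe as long as they stay free of quotes and "</script>".
        string message = matches > 0 ? ok : err;
        Response.Write("<script>alert('" + message + "');</script>");
    }

    /// <summary>
    /// Makes a posted value safe to render inside HTML: encodes <c>&amp;</c>, <c>&lt;</c>, <c>&gt;</c> and
    /// quotes via <see cref="System.Net.WebUtility.HtmlEncode(string)"/>, then turns line breaks into
    /// <c>&lt;br/&gt;</c> and trims the result.
    /// </summary>
    /// <remarks>
    /// This is output encoding only. It deliberately no longer strips SQL keywords, removes <c>*</c> or
    /// doubles single quotes: the query in <see cref="Page_Load"/> is parameterised, and those
    /// substitutions were both bypassable and destructive to legitimate input (a name containing
    /// "select", or an apostrophe).
    /// </remarks>
    /// <param name="str">Raw form value; may be null.</param>
    /// <returns>
    /// The encoded, trimmed value; <see cref="string.Empty"/> for null; whitespace-only input is
    /// returned unchanged (matching the original early return).
    /// </returns>
    private string htmlparse(string str)
    {
        // The null test must come before any member access (the original called Trim() first).
        if (string.IsNullOrWhiteSpace(str))
        {
            return str ?? string.Empty;
        }

        string encoded = System.Net.WebUtility.HtmlEncode(str);
        // CRLF before lone LF: the original replaced "\n" first, so "\r\n" never matched and a stray "\r" remained.
        encoded = encoded.Replace("\r\n", " <br/>").Replace("\n", " <br/>");
        return encoded.Trim();
    }
}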
rs.Parameters.Add("@districtid", SqlDbType.Int).Value = classid