想对已登录的账号进行密码修改。。。应该怎么改啊,小白求教
protected void btnSave_Click(object sender, EventArgs e)
{
conn.Open();
SqlCommand cmd = new SqlCommand();
cmd.Connection = conn;
cmd.CommandText = "select * from User where User_Account='" + Session["User_Account"].ToString() + "'and User_Pwd='" + txtPwd.Text.Trim() + "'";
SqlDataReader sdr = cmd.ExecuteReader();
try
{
if (sdr.Read())
{
SqlCommand updatecmd = new SqlCommand("update User set User_Pwd='" + txtPwd2.Text.Trim() + "'where User_Account='" + Session["User_Account"].ToString() + "'", conn);
int i = updatecmd.ExecuteNonQuery();
if (i == 1)
{
Response.Write("密码修改成功");
}
else
{
Response.Write("密码修改失败'");
}
}
else
{
Response.Write("原密码错误");
}
}
catch (System.Exception ee)
{
Response.Write("<script language =javascript>alert('" + ee.Message.ToString() + "')</script>");
}
finally
{
conn.Close();
sdr.Close();
}