strSql.Append("select password from register where nickname='" + uid + "' and flag='A';");
strSql.Append("select figureid,empid,depid from operator where flag='A' and empid=(select empid from register where nickname='" + uid + "' and flag='A');");
openDB.Search(strSql.ToString(),openDB.conn,out reader);
//如果有 匹配 nickName 的用户
if(reader.Read())
{
//如果密码匹配
if(pwd==reader.GetString(0))
{