使用存储过程会不会被注入?
雪北 2006-06-01 02:50:02
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
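/// <summary>
/// Code-behind for the login user control: checks the verification code,
/// calls the <c>UserLogin</c> stored procedure with the submitted credentials
/// and, when the procedure returns 1, stores the user name in the session and
/// redirects to <c>default.aspx</c>.
/// </summary>
/// <remarks>
/// On the question of injection: the user name and password are bound as
/// parameters of a <see cref="CommandType.StoredProcedure"/> call, so they are
/// sent as data and are never concatenated into SQL text at this call site.
/// The remaining risk is inside the procedure. Its body is not shown here; if
/// it builds dynamic SQL by concatenating its arguments (EXEC or
/// sp_executesql), the binding done here does not protect it.
/// </remarks>
public partial class login : System.Web.UI.UserControl
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Handles the login button: verification code check, credential check,
    /// then session setup and redirect.
    /// </summary>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Button1_Click(object sender, EventArgs e)
    {
        // NOTE(review): the expected verification code is read from a cookie,
        // which the client controls and can read. It therefore cannot serve as
        // a server-side secret; keeping the expected value in Session (set by
        // the page that renders the image) would bind the check to the server.
        HttpCookie checkCodeCookie = Request.Cookies["CheckCode"];
        if (checkCodeCookie == null)
        {
            ShowMessage("您的浏览器设置已被禁用 Cookies,您必须设置浏览器允许使用 Cookies 选项后才能使用本系统。");
            return;
        }

        // Compare the submitted code with the expected one. An empty expected
        // value is rejected so that an empty cookie never matches an empty
        // text box, and the comparison is ordinal rather than culture-sensitive.
        string expectedCode = checkCodeCookie.Value;
        if (string.IsNullOrEmpty(expectedCode)
            || !string.Equals(expectedCode, TextBox3.Text, StringComparison.OrdinalIgnoreCase))
        {
            ShowMessage("验证码错误!");
            return;
        }

        // NOTE(review): credentials are hard-coded in source; they belong in a
        // protected <connectionStrings> section of web.config, and the account
        // should hold only the rights needed to execute UserLogin.
        string connStr = "data source=localhost;user id=pecc;password=pecc;initial catalog=pecc";

        bool authenticated = false;
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = new SqlCommand("UserLogin", conn))
        {
            // Stored procedure call with bound parameters.
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.AddWithValue("@username", tbusername.Text);
            // NOTE(review): the password is passed to the procedure as typed;
            // confirm that it is compared against a salted hash and not
            // against a stored plaintext value.
            cmd.Parameters.AddWithValue("@password", tbpassword.Text);

            // The procedure's RETURN value is an integer, so declare it as one
            // instead of letting the type be inferred from an empty string.
            SqlParameter paramOut = cmd.Parameters.Add("@RETURN_VALUE", SqlDbType.Int);
            paramOut.Direction = ParameterDirection.ReturnValue;

            try
            {
                conn.Open();
                cmd.ExecuteNonQuery();
                // 1 means the credentials were accepted.
                authenticated = paramOut.Value is int && (int)paramOut.Value == 1;
            }
            catch (SqlException ex) // data access failure
            {
                // Keep the detail on the server: exception text can reveal
                // object names and server information to the visitor.
                System.Diagnostics.Trace.TraceError("login: database error: " + ex);
                ShowMessage("数据库访问错误!");
                return;
            }
            catch (Exception ex) // anything else
            {
                System.Diagnostics.Trace.TraceError("login: unexpected error: " + ex);
                ShowMessage("错误!");
                return;
            }
            // The using blocks close and dispose the command and connection.
        }

        if (!authenticated)
        {
            // Same message for an unknown user and a wrong password. Do not
            // echo the submitted user name into the page without HTML encoding.
            ShowMessage("用户名或密码错误!");
            return;
        }

        // NOTE(review): the session identifier is not renewed at login here;
        // confirm whether session fixation is handled elsewhere in the site.
        Session["username"] = tbusername.Text;

        // Redirect outside the try block: Response.Redirect ends the request
        // with a ThreadAbortException, which the generic catch would otherwise
        // intercept and report as an error.
        Response.Redirect("default.aspx");
    }

    /// <summary>Shows <paramref name="text"/> in the message label.</summary>
    /// <param name="text">Fixed, application-defined text to display.</param>
    private void ShowMessage(string text)
    {
        lmessage.Text = text;
        lmessage.Visible = true;
    }
}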