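/// <summary>
/// Login button handler. Runs the "login" stored procedure with the entered user name
/// and password; on a matching row it stores the row's username/password/company in
/// session and redirects to main.aspx, otherwise it writes a client-side alert back.
/// </summary>
/// <param name="Source">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
public void btn_submit_Click(object Source, EventArgs e)
  {
   // ConfigurationSettings.AppSettings is the obsolete API; ConfigurationManager.AppSettings
   // is the replacement once the project references System.Configuration.dll.
   string strconn = ConfigurationSettings.AppSettings["report1"];

   // using-blocks release the connection, command and reader on every exit path. The
   // original cn.Close() sat after Response.Redirect, which ends the request before the
   // close ran, and it was also skipped whenever Open/ExecuteReader threw.
   using (SqlConnection cn = new SqlConnection(strconn))
   using (SqlCommand cm = new SqlCommand("login", cn))
   {
    cm.CommandType = CommandType.StoredProcedure;

    // Credentials are bound as parameters, never concatenated into SQL text, so the
    // input cannot alter the query. Sizes match the procedure's nvarchar(50) arguments;
    // longer input is truncated by the provider rather than rejected.
    cm.Parameters.Add("@sql1", SqlDbType.NVarChar, 50).Value = tbx_uid.Text;
    cm.Parameters.Add("@sql2", SqlDbType.NVarChar, 50).Value = tbx_upassword.Text;

    cn.Open();
    using (SqlDataReader dr = cm.ExecuteReader())
    {
     if (!dr.Read())
     {
      // No row matched: report to the user and stay on the page.
      Response.Write("<script>window.alert('用戶名/密碼錯誤,按“确定”返回')</script>");
      return;
     }

     lbl_message.Text = "";
     Session["username"] = dr["username"];
     // NOTE(review): the procedure compares the password column directly and returns it,
     // so the credential is kept in session exactly as stored. Readers of
     // Session["password"] live outside this block; drop this line once none remain,
     // and consider a hashed password column compared in application code.
     Session["password"] = dr["password"];
     Session["company"] = dr["company"];
    }

    Response.Redirect("main.aspx");
   }
  }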
--------------------------------------------
存储过程:
-- Looks up the row for a user name / password pair; called by btn_submit_Click
-- with @sql1 = user name and @sql2 = password (both bound, so the values cannot
-- alter the query text). Returns every column of the matching row(s); the caller
-- reads username, password and company from the result.
-- NOTE(review): @sql2 is compared against the password column as-is, so the table
-- holds passwords in a directly comparable form; a hashed scheme would move the
-- check into the application. Whether the match is case-sensitive depends on the
-- column collation — confirm on the database.
CREATE proc login
 (
@sql1 nvarchar(50),
@sql2  nvarchar(50)
 )
AS
select * from lw_users where username=@sql1 and password=@sql2;
RETURN
GO
----------------------------------------
也可以写在CS里
string strconn= ConfigurationSettings.AppSettings["data"];
   //连接本地计算机的MMS数据库
   SqlConnection cn= new SqlConnection (strconn);
   cn.Open ();
   //构造SQL语句,该语句在Users表中检查用户名和密码是否正确
   //string mysql= "select * from users where uid='"+tbx_uid.Text +"'and upassword='"+tbx_upassword.Text +"'";
   string mysql= "select * from users where uid=@uid and upassword=@upassword";
   //创建Command对象
   SqlCommand cm=new SqlCommand  (mysql,cn);
   //SqlCommand cm=new SqlCommand  ("pass",cn);
   //执行ExecuteReader ()方法   
   //cm.CommandType = CommandType.StoredProcedure;
   cm.Parameters.Add("@uid", SqlDbType.VarChar);
   cm.Parameters.Add("@upassword", SqlDbType.VarChar);
   cm.Parameters["@uid"].Value=uid.Text.ToString();
   cm.Parameters["@upassword"].Value=upassword.Text.ToString();
   SqlDataReader dr=cm.ExecuteReader ();//顺序很重要,不能放在前面
   if(dr.Read ())