
我正在尝试制作一个登录页面。

我有一个包含四列的用户表。

id、username、password、admin

我有一个帖子,但我无法登录。这是我的代码:

    // Login attempt as posted in the question: counts the rows in users that match
    // the submitted credentials and redirects to index.aspx when exactly one matches.
    try
    {


        // Connection string is read from the "blogCS" entry in the application's configuration.
        string strcon = System.Configuration.ConfigurationManager.ConnectionStrings["blogCS"].ToString();
        SqlConnection myConnection = new SqlConnection();
        myConnection.ConnectionString = strcon;
        myConnection.Open();

        // NOTE(review): the statement is incomplete - the literal stops at password=' with
        // no value and no closing quote, so the password is never compared.
        // NOTE(review): there is a stray space after the opening quote in username=' ,
        // so the value compared always starts with a blank.
        // NOTE(review): txtUsername is concatenated as-is; if it is a TextBox control this
        // appends its ToString() rather than the typed text - confirm against the page markup.
        // NOTE(review): building SQL by concatenating request input lets that input change
        // the statement (SQL injection); pass the values as SqlCommand parameters instead.
        string strSql = "SELECT COUNT(*) FROM users WHERE username=' " + txtUsername + "' AND password='";
        SqlCommand command = new SqlCommand(strSql, myConnection); 
        int count = Convert.ToInt32(command.ExecuteScalar());
        // Not reached when ExecuteScalar throws, so the connection stays open on that path.
        myConnection.Close();

        // Exactly one matching row is treated as a successful login.
        if (count == 1)
            Response.Redirect("index.aspx");
        else
            lblStatus.Text = Convert.ToString(count);

    }

    catch (Exception k)
    {
        // NOTE(review): the raw exception message is shown to the visitor, which can
        // disclose database details; prefer a generic message and log the exception.
        lblStatus.Text = k.Message;
    }

2 回答 2


这是精炼的代码:

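    // Checks the submitted credentials against the users table and redirects to
    // index.aspx when exactly one row matches; otherwise shows the match count.
    try
    {
        string strcon = System.Configuration.ConfigurationManager.ConnectionStrings["blogCS"].ToString();

        // The values travel as parameters, never as part of the SQL text, so quotes or
        // SQL fragments typed into the form cannot alter the statement (SQL injection).
        // NOTE(review): comparing the submitted password with the password column implies
        // it is stored unhashed; store a salted, slow hash (e.g. PBKDF2) and verify that.
        const string strSql = "SELECT COUNT(id) FROM users WHERE username = @username AND password = @password";

        int count;

        // using blocks release the command and close the connection even when
        // Open() or ExecuteScalar() throws.
        using (SqlConnection myConnection = new SqlConnection(strcon))
        using (SqlCommand command = new SqlCommand(strSql, myConnection))
        {
            // NOTE(review): assumes txtUsername and txtPassword are TextBox controls, so the
            // typed value is read from .Text - confirm against the page markup.
            command.Parameters.AddWithValue("@username", txtUsername.Text);
            command.Parameters.AddWithValue("@password", txtPassword.Text);

            myConnection.Open();
            count = Convert.ToInt32(command.ExecuteScalar());
        }

        if (count == 1)
        {
            // NOTE(review): only a redirect happens here; nothing visible records who
            // signed in. Confirm index.aspx enforces its own authentication check.
            Response.Redirect("index.aspx");
        }
        else
        {
            lblStatus.Text = Convert.ToString(count);
        }
    }
    catch (Exception k)
    {
        // NOTE(review): the raw exception message can disclose database details to the
        // visitor; prefer a generic message here and log the exception server-side.
        lblStatus.Text = k.Message;
    }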
于 2012-05-29T19:17:52.497 回答
"SELECT COUNT(*) FROM users WHERE username=' " + txtUsername + "' AND password='";

查询中没有传入密码:`password='` 之后既没有密码值,也没有结束引号。需要把密码也传入查询(建议使用参数化查询,而不是字符串拼接)。

于 2012-05-29T19:13:46.000 回答