以文本方式查看主题

-  Foxtable(狐表)  (http://foxtable.net/bbs/index.asp)
--  项目发布  (http://foxtable.net/bbs/list.asp?boardid=5)
----  登录代码  (http://foxtable.net/bbs/dispbbs.asp?boardid=5&id=12686)

--  作者:chengzhang
--  发布时间:2011/9/11 14:22:00
--  登录代码

 

Dim uName As String = e.Form.Controls("txtName").Value
Dim pwd As String = e.Form.Controls("txtpwd").value
Dim cmd As New SQLCommand
Dim dt As DataTable
Dim dr As DataRow
cmd.C
If uName = "" Then
    Messagebox.show("请输入用户名!","提示",MessageBoxButtons.OK,MessageBoxIcon.Warning)
    Return
Else If pwd = ""
    Messagebox.show("密码不能为空!","提示",MessageBoxButtons.OK,MessageBoxIcon.Warning)
    Return
End If
cmd.CommandText = "Select * From {userInfo} Where [userID] = \'" & uName.trim() & "\'"
dt = cmd.ExecuteReader
If dt Is not Nothing Then 

    dr = dt.DataRows(0)
    If e.Form.Controls("txtpwd").Value = dr("userPwd").trim() Then
        _UserName = uName
        _UserGroup = dr("userDES")
        MessageBox.Show("登录成功!","提示",MessageBoxButtons.OK,MessageBoxIcon.Information)
    Else
        Messagebox.show("密码错误!" ,"提示",MessageBoxButtons.OK,MessageBoxIcon.Warning)
    End If
Else
    MessageBox.Show("用户名或密码错误,请重新输入!","提示",MessageBoxButtons.OK,MessageBoxIcon.Warning)
    e.Form.Controls("txtpwd").value = ""
End If

[此贴子已经被作者于2011-9-15 20:08:27编辑过]

--  作者:明帆
--  发布时间:2011/9/24 20:04:00
--  
 测试一下,顺便学习,谢谢!
--  作者:willsniper
--  发布时间:2011/10/18 8:15:00
--  

没有防注入?