请查找错误。
protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
{
string UserName = Request.Form["UserName"];
string Password = Request.Form["Password"];
//ACCESS数据库的连接字符串
string strConn = @"Provider=Microsoft.Jet.OLEDB.4.0 ;Data Source="+Server.MapPath(".\\DataBase\\#wulong.mdb");
//生成一个新的连接
OleDbConnection myConn = new OleDbConnection(strConn);
myConn.Open();
string sql = "select * from users where username=@UserName and Password=@Password";
OleDbCommand myComm = new OleDbCommand(sql, myConn);
OleDbDataReader dr = myComm.ExecuteReader();
if(dr.HasRows){
Response.Write("成功");
}else{
Response.Write("失败");
}
}
------解决方案--------------------------------------------------------
string sql = "select * from users where username=@UserName and Password=@Password";
存在安全问题
------解决方案--------------------------------------------------------
你抱啥错误?
------解决方案--------------------------------------------------------
string sql = "select * from users where username='"+UserName+"' and Password='"+Password+"'";