登录这样做有错吗
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;
public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void BtnLogin_Click(object sender, EventArgs e)
{
string str = "server='(.)';database='Expert';uid='sa';pwd='123456'"; //连接数据库
SqlConnection con = new SqlConnection(str); //创建连接
con.Open(); //打开连接
string strsql =
"select * from User where Id='" + TxtId.Text + "' and Pw='" + TxtPw.Text + "'";
SqlDataAdapter da = new SqlDataAdapter(strsql, con);
DataSet ds = new DataSet(); //创建数据集
int count=da.Fill(ds, "table"); //填充数据集
if (count > 0) //登录成功
{
Session["Id"] = TxtId .Text ;//赋予Session
Session["Pw"]=TxtPw .Text ; //赋予Session
}
else
{
Label1 .Text = "登录失败"; //登录失败
}
}
}
session
object
string
database
dataset
------解决方案-------------------- 可以是可以,一般不推荐这么做哦。。会造成注入性漏洞