Urgent: a simple problem I have been stuck on for a long time: select * from rigester where user='" + TextBox1.Text + "' and pwd='" + TextBox2.Text + "'"
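I wrote some login code and it always reports that the login failed.
I really cannot find the cause. I don't know whether the SQL statement is failing to pick up the values of the two text boxes. If it is not that, what should I do?? If it is not that, then where is the problem???? This is urgent; experts, please help me out.
Both pieces of code are below; both report that the login failed.
1: First login code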
Dim con As New SqlConnection
con.ConnectionString = "server=BT-BBT;uid=adoxq;pwd=86221xq;database=tz"
con.Open()
Dim str As String = "select * from rigester where user='" + TextBox1.Text + "' and pwd='" + TextBox2.Text + "'"
Dim cmd As New SqlCommand(str, con)
Dim dr As SqlDataReader = cmd.ExecuteReader
If dr.Read() Then
Response.Redirect("adocoffee\wangye\czdl.html")
Else
Response.Write("<script languge='javascript'> alert('登录失败,');window.top.location.href='login.aspx';</script>;return")
2: Second login code
Dim con As New SqlConnection
con.ConnectionString = "server=BT-BBT;uid=adoxq;pwd=86221xq;database=tz"
Dim ds As DataSet = New DataSet
Dim da As SqlDataAdapter = New SqlDataAdapter("select * from rigester where user='" + TextBox1.Text + "' and pwd='" + TextBox2.Text + "'", con)
con.Open()
da.Fill(ds)
If ds.Tables(0).Rows.Count = 0 Then
Response.Write("<script languge='javascript'> alert('登录失败,');window.top.location.href='login.aspx';</script>;return")
Else
Session("user") = TextBox1.Text
Response.Redirect("adocoffee/wangye/czdl.html")
End If
con.Close()
ds.Clear()
[Solution]
Dim str As String = "select * from rigester where user= '" + TextBox1.Text + " ' and pwd= '" + TextBox2.Text + " '"
I can't follow how this string is concatenated; shouldn't it be concatenated like this:
“select * from rigester where user=” + TextBox1.Text + “and pwd=” + TextBox2.Text;
Just my humble opinion!
[Solution]
"select * from rigester where user= '" + TextBox1.Text + " ' and pwd= '" + TextBox2.Text + " '"
~~~ extra space ~~~ extra space
Change it to
"select * from rigester where user= '" + TextBox1.Text + "' and pwd= '" + TextBox2.Text + "'"
[Solution]
Dim str As String = "select * from rigester where user= '" + TextBox1.Text + " ' and pwd= '" + TextBox2.Text + " '"
------------------------------------
First, note that there should be a space between the parts in red!!!!
Dim str As String = "select * from rigester where user= '" + TextBox1.Text + " ' and pwd= '" + TextBox2.Text + " '"
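Also, trace through it and see where the problem is..
[Solution]
It seems there should not be spaces in the other places; the OP has extra spaces too.. The formatting here is hard to make out, so please check it yourself, OP.
Overall it should be as follows: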
Dim str As String = "select * from rigester where user= '" + TextBox1.Text + "' and pwd= '" + TextBox2.Text + "'"
[Solution]
+ should be replaced with &
Like this, for the name:
Dim str As String = "select * from rigester where user= '" & TextBox1.Text & " ' and pwd= '" & TextBox2.Text & " '"
------Solution--------------------
Dim str As String = "select * from rigester where user= '" + TextBox1.Text + " ' and pwd= '" + TextBox2.Text + " '"
------------------------------------------------------
Dim str As String = "select * from rigester where username= '" + TextBox1.Text + " ' and pwd= '" + TextBox2.Text + " '"
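Change the user field in your database table to username and it will work; user is a sensitive field built into the database system.......
[Solution]
Problem solved, congratulations to the OP!
A small suggestion: your code has a security vulnerability; it is very easy to carry out an SQL injection attack against it.
It cannot be used!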
Dim str As String = "select * from rigester where user= '" & TextBox1.Text.Trim("'","''") & " ' and pwd= '" & TextBox2.Text.Trim("'","''") & " '"
[Solution]
"select * from rigester where [user]= '" + TextBox1.Text + " ' and pwd= '" + TextBox2.Text + " '"
OP, please enter ' OR 1=1 as the user name and anything as the password... and see whether you can log in?
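
Added example, not part of any post in this thread: the login check rewritten with a parameterized query, which addresses both the reserved-word column name and the injection problem raised in the last replies. The helper name IsValidLogin, the connection string placeholder and the parameter types and sizes are assumptions.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Module LoginCheck
    ' Placeholder connection string (assumption): substitute your own server and
    ' authentication settings, preferably read from configuration.
    Private Const ConnStr As String =
        "server=YOUR_SERVER;database=tz;Integrated Security=SSPI"

    ' Hypothetical helper: returns True when a row matches the supplied
    ' user name and password.
    Public Function IsValidLogin(userName As String, password As String) As Boolean
        ' [user] is bracketed because USER is a reserved word in SQL Server.
        ' @user and @pwd are parameters: their values are sent separately from
        ' the SQL text, so a quote in the input cannot change the query structure.
        Const sql As String =
            "SELECT COUNT(*) FROM rigester WHERE [user] = @user AND pwd = @pwd"

        ' Using blocks close the connection even when an exception is thrown.
        Using con As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand(sql, con)
                ' Types and sizes are assumptions; match them to the table columns.
                cmd.Parameters.Add("@user", SqlDbType.NVarChar, 50).Value = userName
                cmd.Parameters.Add("@pwd", SqlDbType.NVarChar, 50).Value = password
                con.Open()
                Return CInt(cmd.ExecuteScalar()) > 0
            End Using
        End Using
    End Function
End Module

' Usage in the page's login handler (control names as in the thread):
'   If LoginCheck.IsValidLogin(TextBox1.Text, TextBox2.Text) Then
'       Session("user") = TextBox1.Text
'       Response.Redirect("adocoffee/wangye/czdl.html")
'   End If
```

With this version, the input from the last reply is compared as a literal user name, so it matches no row and the login fails.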