TextBox1是登陆框的用户名输入,TextBox2是密码输入,xingming和mima是数据库对应字段。HY.mdb是数据库名,zhuce是表名。
运行后没有输入用户名和密码提示请输入后单击确定就自动登陆成功了,而且输入的用户名和密码和数据库中不一致也能登录成功,为什么?我的if判断语句应该怎么写?谢谢详细指点,赶紧不尽...
using System.Data.OleDb;
protected void Button1_Click(object sender, EventArgs e)
{
if (TextBox1.Text.Trim() == "" || TextBox2.Text.Trim() == "")
{
Response.Write("<script>alert('请输入用户名或密码!');</script>");
}
string strcon = "Provider = Microsoft.Jet.OLEDB.4.0;Data Source=" + Server.MapPath("HY.mdb");
OleDbConnection con = new OleDbConnection(strcon);
con.Open();
string sql = "select * from zhuce where xingming='" + TextBox1.Text + "' and mima = '" + TextBox2.Text + "'";
OleDbCommand com = new OleDbCommand(sql, con);
com.ExecuteNonQuery();
{
Response.Write("<script>alert('登陆成功!');window.location.href='index.html';</script>>");
}
{
Response.Write("<script>alert('用户名或密码不正确!');</script>");
}
}