<%@ Page Language="C#" AutoEventWireup="true" CodeFile="AdminLogin.aspx.cs" Inherits="AdminLogin" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>网站信息管理</title>
<link href="AdminCss/Logincss.css" rel="stylesheet" type="text/css" />
</head>
<body>
<form id="form1" runat="server">
<div id="log_fm">
<div class="log_box">
<div class="btn_box">
<div id="tb_1">
<asp:TextBox ID="userName" runat="server" CssClass="tb"></asp:TextBox>
</div>
<div id="tb_2">
<asp:TextBox ID="passWord" runat="server" CssClass="tb" TextMode="Password"></asp:TextBox>
</div>
<div id="tb_3">
<asp:TextBox ID="txtCode" runat="server" CssClass="tb_yz" ></asp:TextBox>
</div>
<div id="yz">
<asp:Image ID="Image1" runat="server" ImageUrl="~/Admin/RandomImage.aspx" />
</div>
<div id="btn_1">
<asp:Button ID="Button1" runat="server" Text="登录" CssClass="btn"
Font-Size="14px" onclick="Button1_Click" />
</div>
<div id="btn_2">
<asp:Button ID="Button2" runat="server" Text="重置" CssClass="btn"
Font-Size="14px" />
</div>
</div>
</div>
</div>
</form>
</body>
</html>
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Data.OleDb;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
public partial class AdminLogin : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
string strConnnection = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=";
strConnnection += Server.MapPath("~/App_Data/DataMaster.mdb");
OleDbConnection conn = new OleDbConnection(strConnnection);
string cmdText = "SELECT COUNT(*) FROM [Admin] WHERE UserName='" + userName.Text + "' AND userPass='" + passWord.Text + "'";
OleDbCommand cmd = new OleDbCommand(cmdText, conn);
conn.Open();
int count = (int)cmd.ExecuteScalar();
conn.Close();
if (string.Compare(Session["CheckCode"].ToString(), this.txtCode.Text, true) == 0 && count >0)
{
Session["myuser"] = userName.Text;
Response.Write("<script>alert('登录成功!')</script>");
ClientScript.RegisterStartupScript(this.GetType(), "e", "<script>window.location.href='Main.aspx';</script>");
return;
}
else
{
Response.Write("<script>alert('输入错误!')</script>");
ClientScript.RegisterStartupScript(this.GetType(), "e", "<script>window.location.href='AdminLogin.aspx';</script>");
}
}
}
代码如上,主要是防止SQL注入,要求代码可以直接上传服务器使用,不能有语法错误。
还有就是Web.config中 <customErrors mode="On" defaultRedirect="index.aspx"/> 这样设置是不是就不会显示WEB服务器详细的报错页面。谢谢大家。