日期:2014-05-18 浏览次数:20408 次
/// <summary>
/// Checks whether a ManageAdmin row matches the supplied name, password and rank.
/// </summary>
/// <param name="name">Value compared against the AdminName column.</param>
/// <param name="pw">Value compared against the AdminPw column.</param>
/// <param name="rank">Value compared against the AdminRank column.</param>
/// <returns>true when the query returns at least one row; otherwise false.</returns>
public bool IsExists(string name, string pw, string rank)
{
    // NOTE(review): SQL injection risk. All three arguments are concatenated
    // into the statement text, so their content becomes part of the SQL that
    // decides whether this check passes. Bind them as parameters instead; that
    // needs a parameter-accepting call on sqlhelper, which is not visible here.
    // NOTE(review): pw is compared with AdminPw exactly as passed in. If callers
    // hand over the raw password, the column holds plaintext - confirm that a
    // salted hash is compared instead.
    string query = "select * from ManageAdmin where AdminName='" + name
        + "' and AdminPw='" + pw
        + "' and AdminRank='" + rank + "'";

    DataTable matches = sqlhelper.ExecuteQuery(query, CommandType.Text);

    // Any returned row counts as a successful match.
    return matches.Rows.Count > 0;
}
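/// <summary>
/// Checks whether a ManageAdmin row matches the supplied name, password and rank
/// and, on a match, stores that row's id in the session under the "ID" key.
/// </summary>
/// <param name="name">Value compared against the AdminName column.</param>
/// <param name="pw">Value compared against the AdminPw column.</param>
/// <param name="rank">Value compared against the AdminRank column.</param>
/// <returns>true when the query returns at least one row; otherwise false.</returns>
public bool IsExists(string name, string pw, string rank)
{
    // NOTE(review): SQL injection risk. All three arguments are concatenated
    // into the statement text, so their content becomes part of the SQL that
    // decides whether this login check passes. Bind them as parameters instead;
    // that needs a parameter-accepting call on sqlhelper, which is not visible
    // here.
    // NOTE(review): pw is compared with AdminPw exactly as passed in. If callers
    // hand over the raw password, the column holds plaintext - confirm that a
    // salted hash is compared instead.
    string sql = "select * from ManageAdmin where AdminName='" + name + "' and AdminPw='" + pw + "' and AdminRank='" + rank + "'";
    DataTable dt = sqlhelper.ExecuteQuery(sql, CommandType.Text);

    // Fail closed: no result table or no matching row means no login.
    if (dt == null || dt.Rows.Count == 0)
    {
        return false;
    }

    // DataTable has no indexer; rows are reached through the Rows collection.
    // The first matching row supplies the id kept for the rest of the session.
    Session["ID"] = dt.Rows[0]["id"].ToString();
    return true;
}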
------解决方案--------------------
可以登录的同时返回ID
------解决方案--------------------
记得好像是@@identity,返回一下就好了。另外,拼接字符串有SQL注入风险,建议改用参数化查询。
------解决方案--------------------
在登录时将ID查询出来,然后保存到Session里面。
------解决方案--------------------