protected void btnSave_Click(object sender, EventArgs e)
{
  HttpCookie cookie = Request.Cookies["UserID"];
  if (cookie == null)
  {
    cookie = new HttpCookie("UserID", "0");
    cookie.Expires = DateTime.Now.AddMinutes(3);
      

  }
  int i = Convert.ToInt16(cookie.Value);
  if (i >= 3)
  {
    Response.Write("<script>window.alert('登入3次');</s" + "cript>");
    return;
  }

  string connStr = "Data Source=.;Initial Catalog=SchoolDB;Integrated Security=True ";
  string sql = "select count(UserID) from Student where UserName=@UserName And [PassWord]=@Password";
  using (SqlConnection conn = new SqlConnection(connStr))
  {
    SqlCommand comm = new SqlCommand();
    comm.Connection = conn;
    comm.CommandText = sql;
    comm.Parameters.AddWithValue("@UserName", this.txtUserNam.Text);
    comm.Parameters.AddWithValue("@Password", this.txtPassWord.Text);
    conn.Open();
    SqlDataReader dr = comm.ExecuteReader();

    if (dr.HasRows)
    {
      Response.Write("登入成功！");
    }
    else
    {
      i++;
      cookie["UserID"] = i.ToString();
    }
  }
  Response.Cookies.Add(cookie);
}