
21.2015.08.13第二十三课ado.net3(增删改查、get传值、post传值、SQL防注入、调存储过程、SQLHELPER)

2015-08-13 23:05 447 查看
POST传值方式

//前端部分,先要将SqlHelper类导入工程内
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="SqlHelperDemo.aspx.cs" Inherits="web20150811.SqlHelperDemo" %>
<%-- Login form for the SqlHelper demo. The code-behind class named in Inherits handles btnLogin_Click. --%>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title></title>
</head>
<body>
<%-- A runat="server" form posts back to this same page; no method attribute is set, so Web Forms uses its default (POST). --%>
<%-- NOTE(review): the credentials travel in the request body, and nothing in this markup enforces HTTPS; confirm transport security at the site level. --%>
<form id="form1" runat="server">
<div>
<table>
<tr><td>用户名:</td><td>
<asp:TextBox ID="txtUserName" runat="server"></asp:TextBox></td></tr>
<%-- TextMode="Password" only masks the field on screen; the value is still submitted as typed. --%>
<tr><td>密码:</td><td><asp:TextBox ID="txtPwd" runat="server" TextMode="Password"></asp:TextBox></td></tr>
<tr><td>
<asp:Button ID="btnLogin" runat="server" Text="登录" OnClick="btnLogin_Click" /></td></tr>
</table>
</div>
</form>
</body>
</html>

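//代码部分:登录查询使用参数化SQL(@UserName、@Pwd)代替被注释掉的 string.Format 字符串拼接;用户输入只作为参数值传给数据库,不会被当作SQL语句的一部分解析,这就是标题中所说的"SQL防注入"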
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace web20150811
{
/// <summary>
/// Code-behind for SqlHelperDemo.aspx: checks the posted user name and password
/// against the UserInfor table through a parameterized query.
/// </summary>
public partial class SqlHelperDemo : System.Web.UI.Page
{
    /// <summary>Page load handler; the demo does no work here.</summary>
    /// <param name="sender">Event source.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Handles the login button click: reads both text boxes, binds them as SQL
    /// parameters and reports the outcome with a client-side alert.
    /// </summary>
    /// <param name="sender">Event source.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        // Injectable variant, kept commented out for contrast: it pastes the raw text-box
        // values into the SQL text, so a quote character in either field changes the statement.
        //string strSql = string.Format("select * from UserInfor  where  UserName='{0}' and pwd='{1}'", username, pwd);

        // Parameterized form: the statement text is constant and user input is sent only as
        // parameter values, so it is never parsed as SQL.
        const string loginQuery = "select * from UserInfor where UserName=@UserName and Pwd=@Pwd";

        // NOTE(review): both parameters are declared NVarChar with size 50; longer input is
        // presumably truncated to 50 characters before comparison. Confirm against the column sizes.
        SqlParameter userNameParam = new SqlParameter("@UserName", SqlDbType.NVarChar, 50);
        userNameParam.Value = txtUserName.Text.Trim();

        // NOTE(review): the submitted password is trimmed and compared directly with the Pwd
        // column, which suggests passwords are stored unhashed. Confirm; a salted password hash
        // (e.g. PBKDF2) verified in code is the usual design.
        SqlParameter passwordParam = new SqlParameter("@Pwd", SqlDbType.NVarChar, 50);
        passwordParam.Value = txtPwd.Text.Trim();

        // SqlHelper.Exists is defined outside this file; presumably true when the query
        // matches at least one row. Verify against the helper.
        bool credentialsMatch = SqlHelper.Exists(loginQuery, new SqlParameter[] { userNameParam, passwordParam });

        // Both messages are fixed literals; no user input is echoed into the script.
        // NOTE(review): success only shows an alert; no session or authentication state is set here.
        string alertScript = credentialsMatch
            ? "<script>alert('登陆成功');</script>"
            : "<script>alert('用户名或密码错误');</script>";
        Response.Write(alertScript);
    }
}
}


SqlHelper