string connstr = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
using (SqlConnection conn = new SqlConnection(connstr))
{
string strSql = "select count(*) from users where username=@username and password=@userpass";
SqlParameter sqlpUser = new SqlParameter("@username", SqlDbType.Char, 10);
sqlpUser.Value = name;
SqlParameter sqlpPass = new SqlParameter("@userpass", SqlDbType.VarChar, 20);
sqlpPass.Value = pwd;
SqlCommand com = new SqlCommand(strSql, conn);
com.Parameters.Add(sqlpUser);
com.Parameters.Add(sqlpPass);
conn.Open();
if ((int)com.ExecuteScalar() > 0)
return true;
else
return false;
}
检查users 表里面是否有password字段,是否跟你上面拼接的SQL里的一样