求asp.net C#密码修改页面及代码

修改密码：不登陆直接修改密码
用户名
原密码
新密码
确认新密码
验证都不需要了 就是看后台代码
代码：
protected void Page_Load(object sender, EventArgs e)
{

SqlConnection Conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["StrConn"].ConnectionString);
Conn.Open();
String Strname, StrPass;
Strname = name.Text.Trim();
StrPass = pass.Text.Trim();
String StrSql = "select name,pass from users where name='" + Strname + "' and pass='" + StrPass + "'";
SqlCommand Cmd = new SqlCommand(StrSql, Conn);
SqlDataReader Dr;

Dr = Cmd.ExecuteReader();
if (Dr.Read())
{
Session["name"] = Dr.GetValue(0).ToString();
Session["pass"] = Dr.GetValue(1).ToString();

if (Session["pass"] == false)
{
Response.Redirect("admin/adminlog.aspx");
}

else
{
name.Text = "";
pass.Text = "";
Response.Write("<script language='JavaScript'>alert('用户名不存在或者密码错误');</script>");
}
Dr.Close();
Cmd.Dispose();
Conn.Close();
}

}
protected void Btn1_Click(object sender, EventArgs e)
{
String Strpass, Strname, Strpass1;
Strpass = pass.Text.Trim();
Strpass1 = pass1.Text.Trim();
Strname = name.Text.Trim();
if (Page.IsValid == true)
{
String StrSql = "update students set name='" + Strname + "',pass='" + Strpass1 + "' where id='" + Session["id"].ToString() + "'";
db cuit = new db();
cuit.selectAdd(StrSql);
Response.Write("<script language='JavaScript'>alert('修改成功!');</script>");
}
}
能修改好吗 谢谢了

相关了解……