Before registering, first check whether the username already exists with `if (SqlHelper.Exists(strSql))`; if it does not exist, insert the new row into the database.

```csharp
// Vulnerable version: the user-supplied values are spliced straight into the SQL
// text with string.Format, so a crafted value can change the statement (SQL injection).
string strSql1 = string.Format("insert into login values('{0}','{1}','{2}','{3}','{4}')", pwd, username, qq, email, tel);
// para1 is unused by this query: the values are already embedded in strSql1.
if (SqlHelper.ExecteNonQueryText(strSql1, para1) > 0)
{
    return "注册成功";
}
else
{
    return "注册失败";
}
```
Injection-safe approach

Add the namespaces: using System.Data; using System.Data.SqlClient;

Login part:
```csharp
// Placeholders (@username, @pwd) stand in for the values; the values themselves
// are sent as typed parameters and never become part of the SQL text.
string strSql = "select * from Login where username=@username and pwd=@pwd";
SqlParameter[] para = new SqlParameter[]
{
    new SqlParameter("@username", SqlDbType.NVarChar),
    new SqlParameter("@pwd", SqlDbType.NVarChar)
};
para[0].Value = username;
para[1].Value = pwd;

// The parameter array must be passed together with the query; without it
// @username and @pwd are never bound and the query fails. This assumes
// SqlHelper.Exists accepts a SqlParameter[] like ExecteNonQueryText does.
// Note: pwd is compared against the stored column as-is; storing and
// comparing a password hash instead is a separate concern.
if (SqlHelper.Exists(strSql, para))
{
    return "登录成功";
}
else
{
    return "登录帐号密码不匹配";
}
```
Registration part:

```csharp
// Same idea for the insert: five placeholders, five typed parameters.
string strSql1 = "insert into login values(@pwd,@username,@qq,@email,@tel)";
SqlParameter[] para1 = new SqlParameter[]
{
    new SqlParameter("@pwd", SqlDbType.NVarChar),
    new SqlParameter("@username", SqlDbType.NVarChar),
    new SqlParameter("@qq", SqlDbType.NVarChar),
    new SqlParameter("@email", SqlDbType.NVarChar),
    new SqlParameter("@tel", SqlDbType.NVarChar)
};
para1[0].Value = pwd;
para1[1].Value = username;
para1[2].Value = qq;
para1[3].Value = email;
para1[4].Value = tel;
if (SqlHelper.ExecteNonQueryText(strSql1, para1) > 0)
{
    return "注册成功";
}
else
{
    return "注册失败";
}
```
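The page uses a `SqlHelper` whose internals are not shown. The following is an added example, not the page's own helper, showing how the `@name` placeholders are actually bound through `SqlCommand`, and how the "check whether the username exists, then insert" flow from the registration section can run inside one transaction. `ConnStr`, `ParamDemo`, `P` and the 50-character parameter length are assumptions; the `login` table and its columns follow the page.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
// Added example, not the page's SqlHelper: minimal parameterised helpers showing
// how @name placeholders are bound through SqlCommand, then the check-then-insert
// registration flow run inside one transaction. ConnStr is a placeholder; the
// login table and its columns follow the page.
public static class ParamDemo
{
    const string ConnStr = "<connection string placeholder>";
    static SqlCommand Cmd(SqlConnection cn, SqlTransaction tx, string sql, SqlParameter[] ps)
    {
        var cmd = new SqlCommand(sql, cn, tx);
        cmd.Parameters.AddRange(ps); // values travel separately from the SQL text
        return cmd;
    }
    // True when the query returns at least one row.
    public static bool Exists(SqlConnection cn, SqlTransaction tx, string sql, params SqlParameter[] ps)
    {
        using (var cmd = Cmd(cn, tx, sql, ps))
        using (SqlDataReader r = cmd.ExecuteReader()) return r.Read();
    }
    public static int ExecuteNonQuery(SqlConnection cn, SqlTransaction tx, string sql, params SqlParameter[] ps)
    {
        using (var cmd = Cmd(cn, tx, sql, ps)) return cmd.ExecuteNonQuery();
    }
    // Typed, length-bounded parameter; a quote inside the value stays a literal quote.
    static SqlParameter P(string name, string value) =>
        new SqlParameter(name, SqlDbType.NVarChar, 50) { Value = (object)value ?? DBNull.Value };
    public static string Register(string username, string pwd, string qq, string email, string tel)
    {
        using (var cn = new SqlConnection(ConnStr))
        {
            cn.Open();
            // One transaction so the existence check and the insert are not split by another
            // request; a UNIQUE index on login.username is still the definitive guard.
            using (SqlTransaction tx = cn.BeginTransaction(IsolationLevel.Serializable))
            {
                if (Exists(cn, tx, "select 1 from login where username=@username", P("@username", username)))
                {
                    tx.Rollback();
                    return "Username already exists";
                }
                int n = ExecuteNonQuery(cn, tx, "insert into login values(@pwd,@username,@qq,@email,@tel)",
                    P("@pwd", pwd), P("@username", username), P("@qq", qq), P("@email", email), P("@tel", tel));
                tx.Commit();
                return n > 0 ? "Registration succeeded" : "Registration failed";
            }
        }
    }
}
```

Because the values are bound as parameters, the database receives the statement and the data on separate channels, which is what makes the placeholder form safe against injection regardless of what the user types.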