这样判断有没有记录不对么?
public static int LandingConfirmation(string username,string userpassword)
{
sqlstr = "select top 1 * from manager where account= ' " + username + " ' and pwd= ' " + userpassword+ " ' ";
read=Data.operator_selectonlyread(sqlstr);
if (read.HasRows==true)
{
HttpContext.Current.Session[ "account "] = read.GetName(1);
result = 1;//查询到帐号信息
}
else
{
result = 0;//没有查询到帐号信息
}
return result;
}
read=Data.operator_selectonlyread(sqlstr); //获取一个方法
if (read.HasRows==true) 这样判断有没有数据不对么 ?
[解决办法]
你这个代码有注入漏洞哦