asp.net
web.config
<configuration>
……
<system.web>
<!--
  Custom section read by login.aspx.cs through Context.GetConfig("system.web/database").
  SECURITY: the connection string keeps the SQL login and password in clear text, so
  anyone who can read this file (source control, backups, a file-disclosure bug)
  obtains database access. Prefer Integrated Security or an encrypted configuration
  section, and connect with a least-privileged account rather than an owner-level one.
  NOTE(review): the configSections declaration this custom section needs is not shown
  in this excerpt (presumably elided) - confirm it exists.
-->
<database>
<add key="strConn" value="server=107.120.65.99;database=DB;uid=DB;pwd=DB" />
</database>
</system.web>
……
</configuration>
Global.asax.cs
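/// <summary>
/// Releases the "online user" slot held by a session when that session ends.
/// </summary>
/// <remarks>
/// Session_End is raised only when session state runs in InProc mode; with any
/// other mode the entries written at login are never released by this handler.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Session_End(Object sender, EventArgs e)
{
    string sessionKey = Session.SessionID;

    Application.Lock();
    try
    {
        // Every session that ends reaches this handler, including sessions that
        // never logged in. Only a logged-in session has an entry keyed by its
        // session ID, so only then is the online counter decremented; otherwise
        // anonymous sessions would drive the counter below the real value.
        if (Application[sessionKey] != null)
        {
            Application.Remove(sessionKey);

            object stored = Application["OL_UserCount"];
            int online = stored is int ? (int)stored : 0;
            Application["OL_UserCount"] = online > 0 ? online - 1 : 0;
        }
    }
    finally
    {
        // Always release the application lock, even if the update above throws.
        Application.UnLock();
    }
}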
login.aspx
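<%-- Login form. The click handler for btnSubmit is not declared in this markup; it is
     presumably wired up in login.aspx.cs (not shown). MaxLength mirrors the varchar(20)
     stored-procedure parameters, but it is only a browser-side hint: the server must
     still validate the length. The form posts a password, so serve it over HTTPS only. --%>
<table class="logintable">
<tr> <td colspan="2" class="tdcaption"><font class="fcaption">ログイン</font></td></tr>
<tr> <td><font class="font100">ユーザーID:</font></td>
<td><asp:TextBox CssClass="itxt" ID="txtName" MaxLength="20" Runat="server"></asp:TextBox></td></tr>
<tr> <td><font class="font100">パスワード:</font></td>
<td><asp:TextBox CssClass="itxt" ID="txtPwd" TextMode="Password" MaxLength="20" Runat="server"></asp:TextBox></td></tr>
<tr> <td><asp:Button CssClass="ibutton" ID="btnSubmit" Text="login" Runat="server"></asp:Button></td>
<td><input type="reset" class="ibutton" name="btnReset" value="reset"></td></tr>
</table>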
login.aspx.cs
using System.Collections.Specialized;
using System.Data.SqlClient;
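/// <summary>
/// Checks the submitted user ID and password through the sp_IDPWD stored procedure
/// and, when they match and the user is not already online, registers the session
/// and redirects to the main page.
/// </summary>
/// <remarks>
/// Security notes for reviewers:
/// - The password is passed to the procedure as typed and compared there, which
///   implies the table stores passwords unhashed. Storing a salted, slow hash and
///   verifying it in application code would be the safer design.
/// - The session identifier is not reissued after a successful login, and failed
///   attempts are neither counted nor throttled in this method.
/// - A user whose session was not ended cleanly stays "online" until Session_End
///   runs, so that user is refused until the session times out.
/// </remarks>
public void LoginBySQL()
{
    string userId = txtName.Text;
    string password = txtPwd.Text;

    // The parameters below are declared varchar(20). SqlParameter truncates longer
    // values to the declared size, so an over-long input could match on its first
    // 20 characters. Reject such input instead of letting it be cut silently.
    if (userId.Length > 20 || password.Length > 20)
    {
        message.Text = "密碼錯誤";
        return;
    }

    string strConn = (String)((NameValueCollection)Context.GetConfig("system.web/database"))["strConn"];
    string matchedUserId = null;
    string matchedUserName = null;

    using (SqlConnection conn = new SqlConnection(strConn))
    using (SqlCommand cmd = new SqlCommand("sp_IDPWD", conn))
    {
        // Stored procedure with typed parameters: user input never becomes SQL text.
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@ID", SqlDbType.VarChar, 20).Value = userId;
        cmd.Parameters.Add("@PWD", SqlDbType.VarChar, 20).Value = password;

        conn.Open();
        using (SqlDataReader dr = cmd.ExecuteReader())
        {
            if (dr.Read())
            {
                matchedUserId = dr["UserID"].ToString();
                matchedUserName = dr["UserName"].ToString();
            }
        }
    }

    // Same message for an unknown user and a wrong password, so the response does
    // not reveal which user IDs exist.
    if (matchedUserId == null)
    {
        message.Text = "密碼錯誤";
        return;
    }

    bool alreadyOnline = false;

    // Check-and-register must be atomic: two simultaneous logins for one account
    // could otherwise both pass the check. Session_End takes the same lock.
    Application.Lock();
    try
    {
        for (int i = 0; i < Application.Count; i++)
        {
            string key = Application.GetKey(i);

            // The counter shares the Application store with the per-session
            // entries; skip it so a numeric user ID equal to the current count
            // is not mistaken for an online user.
            if (key == "OL_UserCount")
            {
                continue;
            }

            object entry = Application[key];
            if (entry != null && entry.ToString() == matchedUserId)
            {
                alreadyOnline = true;
                break;
            }
        }

        if (!alreadyOnline)
        {
            Application[Session.SessionID] = matchedUserId;

            object stored = Application["OL_UserCount"];
            int online = stored is int ? (int)stored : 0;
            Application["OL_UserCount"] = online + 1;
        }
    }
    finally
    {
        Application.UnLock();
    }

    if (alreadyOnline)
    {
        message.Text = "已經登陸";
        return;
    }

    Session["UserName"] = matchedUserName; // marks the session as authenticated
    Response.Redirect("./main/main.aspx");
}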
預存程序
-- Credential check used by the login page: returns the [Admin] row whose UserID and
-- Password both equal the supplied values, or no row when there is no match.
-- NOTE(review): [Password] is compared directly with @pwd, so the table holds the
-- password itself. A salted, slow hash verified by the application would keep a
-- database leak from exposing usable credentials.
-- NOTE(review): the "=" comparison follows the column collation; under a
-- case-insensitive collation the password check ignores case, and trailing spaces
-- are not significant - confirm the collation of [Password].
ALTER PROCEDURE dbo.sp_IDPWD
(
@id varchar(20),
@pwd varchar(20)
/**//*@pwd datatype OUTPUT*/
)
AS
SET NOCOUNT ON
-- "select *" hands every column, including [Password], back to the caller; the login
-- code on this page reads only UserID and UserName.
select * from [DB].[DB].[Admin] where (UserID=@id) and ([Password]=@pwd)
RETURN