如何判断输出的用户名和密码是否正确

try { string username = this.txtName.Text; string password = this.txtPass.Text; SqlConnection conn = new SqlConnection(); SqlCommand cmd = new SqlCommand(); conn.ConnectionString = ConfigurationManager.ConnectionStrings["costr"].ConnectionString; cmd.Connection = conn; cmd.CommandText = "select userName,passWord from AdminInfo where userName='" + username + "' and passWord='" + password + "'"; conn.Open(); SqlDataReader dr = cmd.ExecuteReader(); if (dr.Read()) { AdminInfo info = new AdminInfo(); Session["CurrentUser"] = info; //用戶信息存入session // Session["user"] = username; //控制匿名用戶登錄 // FormsAuthentication.SetAuthCookie(username, false); //如果是从其他页面自动调转到本页面，Request["ReturnUrl"]必然有 object oUrlRet = Request["ReturnUrl"]; this.Response.Redirect(oUrlRet == null ? "Index.aspx" : oUrlRet.ToString());//如果一开始就进入login.aspx，成功以后，应该登陸後自动跳到某个页面，如default.aspx //存入session //跳轉（禁止後退） // Response.Redirect("Index.aspx"); //Response.Write("Successful login!"); //跳轉（可以後退） // Response.Write(""); // Response.Write(""); //清空緩存用戶信息 //FormsAuthentication.SignOut(); //Request.Cookies.Clear(); //Session.Clear(); } else { this.Label1.Text = "用戶名或者密碼錯誤！"; this.txtName.Text = ""; this.txtPass.Text = ""; this.txtYanzheng.Text = ""; } return; } catch (Exception ex) { throw ex; }

SqlDataReader login = ConnStr.getcom("select * from [user] where [账号]='" + txtLogin.Text.Trim() + "'and [密码]='" + txtPwd.Text.Trim() + "'and [class]='" + cs + "'"); bool istrue = login.Read();//用read读取数据,有该用户返回真 //登录！！！！！！ if (istrue) { ConnStr.con_close();//关闭数据库连接 this.Visible=false; loginShow gotofrm = new loginShow();//新窗体 gotofrm.ShowDialog(); this.Dispose();//关闭此窗体 } else { ConnStr.con_close();//数据库关闭(这是我自己的） MessageBox.Show("用户名或密码错误!", "提示", MessageBoxButtons.OK, MessageBoxIcon.Stop); txtClear();//清除文本 txtLogin.Focus();//焦点 }