???????????
?????????????????ManageLogin.aspx?????д??????????????????????
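/// <summary>
/// Login button handler: requires the name, password and CAPTCHA fields,
/// compares the CAPTCHA with the value kept in Session["ValidNums"], then
/// checks tb_user for a row matching the supplied name and password.
/// On a match the browser is redirected to Default.aspx; otherwise an alert is shown.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    // NOTE: the alert texts are mis-encoded in this listing (runs of '?');
    // they are kept as found and should be restored from the original page.
    if (string.IsNullOrEmpty(txtName.Text) || string.IsNullOrEmpty(txtPwd.Text) || string.IsNullOrEmpty(txtValid.Text))
    {
        Page.RegisterStartupScript("", "<script>alert('?????д???????')</script>");
        return;
    }

    // Invariant upper-casing keeps the comparison independent of the server culture.
    // A missing session value makes Equals return false, so the attempt is rejected.
    // NOTE(review): the CAPTCHA value is left in the session after this check;
    // confirm it is regenerated for every attempt so one solved value cannot be reused.
    if (!txtValid.Text.ToUpperInvariant().Equals(Session["ValidNums"]))
    {
        Page.RegisterStartupScript("", "<script>alert('??????????')</script>");
        return;
    }

    // User input is bound as parameters and never concatenated into the SQL text,
    // so quotes in the name or password cannot change the statement.
    // NOTE(review): pwd is compared as stored, which implies plaintext passwords in
    // tb_user; storing a salted PBKDF2 hash instead needs a schema/data migration.
    const string select = "select 1 from tb_user t where t.username = @username and pwd = @pwd";
    bool credentialsMatch;

    // using blocks release the connection and command on every path, including exceptions.
    using (SqlConnection sql = new SqlConnection(ConfigurationManager.ConnectionStrings["connection"].ConnectionString))
    using (SqlCommand command = new SqlCommand(select, sql))
    {
        command.Parameters.AddWithValue("@username", txtName.Text.Trim());
        command.Parameters.AddWithValue("@pwd", txtPwd.Text.Trim());
        sql.Open();
        credentialsMatch = command.ExecuteScalar() != null;
    }

    if (!credentialsMatch)
    {
        Page.RegisterStartupScript("", "<script>alert('??????????????')</script>");
        return;
    }

    // The name is URL-encoded so it cannot break out of the query-string value.
    // NOTE(review): the Name query parameter is the only thing passed to Default.aspx
    // and any client can set it; whether Default.aspx checks a server-side login state
    // is not visible here. Prefer recording the login in Session or a forms-authentication ticket.
    Response.Redirect("Default.aspx?Name=" + Server.UrlEncode(txtName.Text));
}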
???????Ч?????

??????????????
??????????????EditPwd.aspx????
<%-- Password-change form: account selector, old password, new password, confirm/cancel buttons. --%>
<%-- NOTE(review): the code-behind fills "names" from every row of tb_user and changes the password
     of whichever account is selected, so all account names are shown to anyone who can open this page.
     Confirm the page is restricted to authenticated users and consider tying the change to the
     signed-in account instead of a selectable one. --%>
<table class="table" border="1px" align="center">
<tr>
<td class="firstTd">???????</td>
<td >
<asp:DropDownList runat="server" ID="names" Width="200px" Height="20px" />
</td>
</tr>
<tr>
<td class="firstTd">?????</td>
<td >
<%-- TextMode="Password" masks the input in the browser only; the value is still posted as-is. --%>
<asp:TextBox runat="server" ID="txtOldPwd" TextMode="Password" />
</td>
</tr>
<tr>
<td class="firstTd">??????</td>
<td >
<asp:TextBox runat="server" ID="txtNewPwd" TextMode="Password"></asp:TextBox>
</td>
</tr>
<tr>
<td class="firstTd">&nbsp;</td>
<td align="right">
<span >
<%-- btnSure posts to btnSure_Click, btnCancle to btnCancle_Click in the code-behind. --%>
<asp:Button runat="server"  ID="btnSure" OnClick="btnSure_Click" Text="?????"/>
<asp:Button runat="server"  ID="btnCancle" OnClick="btnCancle_Click" Text="???"/>
</span>
</td>
</tr>
</table>
????????д????????????SqlDataAdapter + DataSet?????
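/// <summary>
/// On the first (non-postback) request, loads tb_user and adds the second
/// column of every row to the <c>names</c> drop-down list.
/// </summary>
/// <param name="sender">The page raising the event (unused; may be null).</param>
/// <param name="e">Event data (unused; may be null).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Populate the list only once, not on every postback.
    if (IsPostBack)
    {
        return;
    }

    DataSet dataSet = new DataSet();

    // using blocks release the connection and adapter even when Open or Fill throws.
    // NOTE(review): "select *" also loads the pwd column of every account into memory
    // although only one column is used; selecting just that column would avoid it.
    using (SqlConnection sql = new SqlConnection(ConfigurationManager.ConnectionStrings["connection"].ConnectionString))
    using (SqlDataAdapter sqlDataAdapter = new SqlDataAdapter("select * from tb_user", sql))
    {
        sql.Open();
        sqlDataAdapter.Fill(dataSet);
    }

    // Column index 1 is presumably the username column; verify against the table definition.
    foreach (DataRow row in dataSet.Tables[0].Rows)
    {
        names.Items.Add(row[1].ToString());
    }
}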
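/// <summary>
/// Confirm button handler: requires both password fields, looks up the account
/// selected in <c>names</c>, checks the old password against the stored value,
/// then writes the new password and shows a confirmation alert.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnSure_Click(object sender, EventArgs e)
{
    // NOTE: the alert texts are mis-encoded in this listing (runs of '?');
    // they are kept as found and should be restored from the original page.
    if (string.IsNullOrEmpty(txtNewPwd.Text) || string.IsNullOrEmpty(txtOldPwd.Text))
    {
        Page.RegisterStartupScript("", "<script>alert('????????????????????')</script>");
        return;
    }

    string userName = names.Text;

    // The connection string comes from configuration, as in Page_Load, instead of an
    // administrator login embedded in source. The credential that was hard-coded here
    // should be treated as exposed and rotated, and the application should connect
    // with a least-privileged database account.
    // NOTE(review): presumably the "connection" entry points at the same database; confirm.
    using (SqlConnection sqlConnection = new SqlConnection(ConfigurationManager.ConnectionStrings["connection"].ConnectionString))
    {
        sqlConnection.Open();

        // Parameters keep the selected name out of the SQL text.
        object storedPwd;
        using (SqlCommand lookup = new SqlCommand("select pwd from tb_user where username = @username", sqlConnection))
        {
            lookup.Parameters.AddWithValue("@username", userName);
            storedPwd = lookup.ExecuteScalar();
        }

        // null means no row matched the selected name.
        if (storedPwd == null)
        {
            Page.RegisterStartupScript("", "<script>alert('????????????')</script>");
            return;
        }

        // NOTE(review): this compares against a password stored in plaintext; moving to a
        // salted PBKDF2 hash with a fixed-time comparison needs a schema/data migration.
        if (storedPwd.ToString() != txtOldPwd.Text)
        {
            Page.RegisterStartupScript("", "<script>alert('???????????')</script>");
            return;
        }

        // Same connection is reused for the update; the using block closes it on every
        // path, including the early returns above.
        using (SqlCommand update = new SqlCommand("update tb_user set pwd = @newPwd where username = @username", sqlConnection))
        {
            update.Parameters.AddWithValue("@newPwd", txtNewPwd.Text);
            update.Parameters.AddWithValue("@username", userName);
            update.ExecuteNonQuery();
        }
    }

    Page.RegisterStartupScript("", "<script>alert('???????')</script>");
    Page_Load(null, null);
}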
??????????????Ч??