我做了管理员登录输入用户名和密码。但是在登录验证的时候总是查找不到,可实际有这个用户名和密码:代码:``` @LANGUAGE="VBSCRIPT" CODEPAGE="936"
Response.Buffer=true
1<!-- #include file="conn.inc"-->
if (request.Form("username")="") or (Request.Form("password")="") then
redirectpage("manage.asp")
end if
if (request.Form("username")<>"") and (Request.Form("password")<>"") then
user=request.Form("username")
pas=request.Form("password")在这里可以得到user和pas的值
set rs=Conn.execute("select * from user where username="&user&" and password="&pas)
查找以后得不到
if rs("username")<>request.Form("username") then
response.Write("
1<div align="center">用户名不存在,请重新输入</div>
")
response.Write("
1<div align="center"><a href="javascript:history.back(1)">返回</a></div>
")
end if
if rs("username")=request.Form("username") then
redirectpage("add.asp")
end if
end if
---------------------------------------------------------------
set rs=Conn.execute("select * from user where username='"&user&"' and password='"&pas&"'")
---------------------------------------------------------------
set rs=Conn.execute("select * from user where username="&user&" and password="&pas)
==>
set rs=Conn.execute("select * from user where username='"&user&"' and password='"&pas&"'")
---------------------------------------------------------------
select ...
rs.open...
if rs.eof then
response.write "没有"
end if
---------------------------------------------------------------
"select * from user where username="&user&" and password="&pas)
必须改为
("select * from user where username='"&user&"' and password='"&pas&"'")因为是字符形的
---------------------------------------------------------------
把空格去掉
if rs("username")<>request.Form("username") then
==>
if trim(rs("username"))<>trim(request.Form("username")) then