(select password,Id from u_users where (LoginName='{0}' or handphone='{0}' or eMail='{0}')", userName ) 这里面的userName是什么意思?
以下是整体代码 求解释!
public static int ValidateUserInfo(string userName, string userPwd) { SqlDataReader tablePws = null; string md5pws = ToMD5(userPwd);
SqlConnection conn = new SqlConnection(); conn.ConnectionString = staticValue.staticValue.userDB; SqlCommand cmd = new SqlCommand(); cmd.Connection = conn;
cmd.CommandText = string.Format("select password,Id from u_users where (LoginName='{0}' or handphone='{0}' or eMail='{0}')", userName); conn.Open(); tablePws = cmd.ExecuteReader(); cmd.Dispose(); conn.Close(); conn.Dispose();
if (tablePws == null) { return -1; } else { string key = Encoding.Unicode.GetString(tablePws["password"] as byte[]); if (md5pws == Decrypt(key)) { int userId = 0; int.TryParse(tablePws["Id"].ToString(), out userId); return userId; } return -1; } }
9 回答
慕神8447489
TA贡献1780条经验 获得超1个赞
你的一个是个string.format()吧,username是去填充{0}的,如果 你有{1},那就需要usernaem,这里再写一个变量来填充{1}
- 9 回答
- 0 关注
- 520 浏览
添加回答
举报
0/150
提交
取消