public static int ValidateUserInfo(string userName, string userPwd)
{
SqlDataReader tablePws = null;
string md5pws = ToMD5(userPwd);
SqlConnection conn = new SqlConnection();
conn.ConnectionString = staticValue.staticValue.userDB;
SqlCommand cmd = new SqlCommand();
cmd.Connection = conn;
cmd.CommandText = string.Format("select password,Id from u_users where (LoginName='{0}' or handphone='{2}' or eMail='{3}')", userName);
conn.Open();
tablePws = cmd.ExecuteReader();
cmd.Dispose();
conn.Close();
conn.Dispose();
if (tablePws == null)
{
return -1;
}
else
{
string key = Encoding.Unicode.GetString(tablePws["password"] as byte[]);
if (md5pws == Decrypt(key))
{
int userId = 0;
int.TryParse(tablePws["Id"].ToString(), out userId);
return userId;
}
return -1;
}
}
姓名 ID 等等
cmd.CommandText = string.Format("select password,Id from u_users where (LoginName='{0}' or handphone='{2}' or eMail='{3}')", userName);
你没有写入{1} 就直接从0-》2了,应该有错的。