selectStr = "Select * from Users where adminName = '" + userName + "'"; break; }

SqlConnection

conn

=

SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString); SqlCommand cmd = new SqlCommand(selectStr,conn); try {

conn.Open(); SqlDataReader sdr = cmd.ExecuteReader(); if (sdr.Read()) {

if (sdr.GetString(1) == userPwd) {

Session["userName"] = userName; Session["userRole"] = userRole; conn.Close(); switch (userRole) {

case "0":

Response.Redirect("TeacherQueryElect.aspx"); break;

case "1":

Response.Redirect("StudentElect.aspx"); break;

case "2":

Response.Redirect("Main.aspx"); break; } }

else {

lblMessage.Text = "您输入的密码错误，请检查后重新输入！"; } }

else {

lblMessage.Text = "该用户不存在或用户名输入错误，请检查后重新输入！"; } }

catch (Exception ee) {

Response.Write("<script language=javascript>alert('" + ee.Message.ToString() + "')</script>"); }

new