PRotected void Button1_Click(object sender, EventArgs e)    {        if (txtName.Text == "" || txtPwd.Text == "" || txtConfirm.Text == "")        {            this.Page.RegisterStartupScript("ss", "<script>alert('用户名密码不能为空')</script>");            return;        }        if (txtPwd.Text.Equals(txtConfirm.Text))        {            //查看当前用户是否存在            SqlConnection sqlConn = new SqlConnection(ConfigurationManager.ConnectionStrings["connection"].ConnectionString);            sqlConn.Open();            string sql = "select * from tb_user where username = '" + txtName.Text.Trim() + "'";            SqlCommand sqlCommand = new SqlCommand(sql, sqlConn);            SqlDataReader sqlDataReader = sqlCommand.ExecuteReader();            if (sqlDataReader.Read())            {                Page.RegisterStartupScript("", "<script>alert('用户名已存在！')</script>");                return;             }            sqlDataReader.Close();            //新增用户            string strInsert = "insert into tb_user(username, pwd, marks) values (@username,@pwd, @marks)";            sqlCommand = new SqlCommand(strInsert, sqlConn);            sqlCommand.Parameters.Add("@username", SqlDbType.VarChar);            sqlCommand.Parameters["@username"].Value = txtName.Text;            sqlCommand.Parameters.Add("@pwd", SqlDbType.VarChar, 20);            sqlCommand.Parameters["@pwd"].Value = txtPwd.Text;            sqlCommand.Parameters.Add("@marks", SqlDbType.VarChar, 1000);            sqlCommand.Parameters["@marks"].Value = "zbq测试";            sqlCommand.ExecuteNonQuery();            sqlConn.Close();            Page.RegisterStartupScript("", "<script>alert('注册成功！')</script>");            Response.Redirect("Default.aspx?Name=" + txtName.Text + "");        }    }

protected void btnLogin_Click(object sender, EventArgs e)    {        if (string.IsNullOrEmpty(txtName.Text)|| string.IsNullOrEmpty(txtPwd.Text) || string.IsNullOrEmpty(txtValid.Text))        {            Page.RegisterStartupScript("", "<script>alert('信息填写不完全！')</script>");            return;        }        if (!txtValid.Text.ToUpper().Equals(session["ValidNums"]))        {            Page.RegisterStartupScript("", "<script>alert('验证码不正确！')</script>");            return;        }        SqlConnection sql = new SqlConnection(ConfigurationManager.ConnectionStrings["connection"].ConnectionString);        sql.Open();        string select = "select * from tb_user t where t.username = '" + txtName.Text.Trim() + "' and pwd = '" + txtPwd.Text.Trim() +                        "'";        SqlCommand command = new SqlCommand(select, sql);        SqlDataReader dataReader = command.ExecuteReader();        if (dataReader.Read())        {            //成功就跳转            Response.Redirect("Default.aspx?Name=" + txtName.Text + "");        }        else        {            Page.RegisterStartupScript("", "<script>alert('账户名或密码错误！')</script>");            dataReader.Close();            return;        }

<table class="table" border="1px" align="center">                <tr>                    <td class="firstTd">用户名：</td>                    <td >                        <asp:DropDownList runat="server" ID="names" Width="200px" Height="20px" />                    </td>                </tr>                <tr>                    <td class="firstTd">原密码：</td>                    <td >                        <asp:TextBox runat="server" ID="txtOldPwd" TextMode="PassWord" />                    </td>                </tr>                <tr>                    <td class="firstTd">新密码：</td>                    <td >                        <asp:TextBox runat="server" ID="txtNewPwd" TextMode="Password"></asp:TextBox>                    </td>                </tr>                <tr>                    <td class="firstTd">&nbsp;</td>                    <td align="right">                        <span >                            <asp:Button runat="server"  ID="btnSure" OnClick="btnSure_Click" Text="确认登录"/>                            <asp:Button runat="server"  ID="btnCancle" OnClick="btnCancle_Click" Text="取消"/>                            </span>                    </td>                </tr>                            </table>

protected void Page_Load(object sender, EventArgs e)    {       //初始化数据        if (!IsPostBack)        {            SqlConnection sql = new SqlConnection(ConfigurationManager.ConnectionStrings["connection"].ConnectionString);            sql.Open();            string select = "select * from tb_user";            SqlDataAdapter sqlDataAdapter = new SqlDataAdapter(select, sql);            DataSet dataSet = new DataSet();            sqlDataAdapter.Fill(dataSet);            sql.Close();            if (dataSet.Tables[0].Rows.Count> 0)            {                for (int index = 0; index < dataSet.Tables[0].Rows.Count; index++)                {                    names.Items.Add(dataSet.Tables[0].Rows[index][1].ToString());                }            }        }    }    protected void btnSure_Click(object sender, EventArgs e)    {        if (string.IsNullOrEmpty(txtNewPwd.Text) || string.IsNullOrEmpty(txtOldPwd.Text))        {            Page.RegisterStartupScript("", "<script>alert('密码不能为空或者不能不相等！')</script>");            return;        }        SqlConnection sqlConnection = new SqlConnection("server=PC-20150424DMHQ;database=MyDatas;uid=sa;pwd=123456");        string select = "select * from tb_user where username = '" +names.Text + "'";        SqlCommand sqlCommand = new SqlCommand(select, sqlConnection);        sqlConnection.Open();        SqlDataReader sqlDataReader = sqlCommand.ExecuteReader();        if (sqlDataReader.Read())        {            if (sqlDataReader["pwd"].ToString() != txtOldPwd.Text)            {                Page.RegisterStartupScript("", "<script>alert('密码输入错误！')</script>");                return;            }        }        else        {            Page.RegisterStartupScript("", "<script>alert('数据库连接错误！')</script>");            return;        }        sqlConnection.Close();        sqlDataReader.Close();                //修改密码        sqlConnection.Open();        string updatePwd = "update tb_user set pwd = '" + txtNewPwd.Text + "' where username = '" + names.Text + "'";        sqlCommand = new SqlCommand(updatePwd, sqlConnection);        sqlCommand.ExecuteNonQuery();        sqlConnection.Close();        Page.RegisterStartupScript("", "<script>alert('修改成功！')</script>");        Page_Load(null, null);    }