//返回值为一组数据
[WebMethod]
public Boolean ValiLogin(string username, string password)
{
SqlConnection sqlconnection = new SqlConnection(ConnectionString);
sqlconnection.Open();
string cmdstring = "select password from [user] where username= " + "'" + username"'"; //sql语句
SqlCommand cmd= new SqlComnand(cmdString, sqlconnection);
string pass = (string)cmd.ExecuteScalar(); //定义变量存储数据
sqlconnection.Close();
if( (pass.Trim() != password.Trim()) || pass.Trim() == null) // Trim去多余空格
return false;
else return true;
}
//返回值为多组数据
[WebMethod]
protected DataSet tip_details(string username)
{
SqlConnection sqlconnection = new SqlConnection(ConnectionString);
sqlconnection.Open();
string cmdstring = "select title,details,id,time from [tip] ";
SqlDataAdapter sqlAdapteruser = new SqlDataAdapter(cmdstring, sqlconnection);
DataSet ds = new DataSet();
sqlAdapteruser.Fill(ds, "tip");
sqlconnection.Close();
return ds;
}
[WebMethod]
public DataSet send_tips(string username) //环保小贴士
{
DataSet ds = new DataSet();
ds = tip_details(username);
return ds;
}
//计数:
string cmdcount = "select count(username) from [user] where username=" + "'" + username + "'";
SqlCommand cmdd = new SqlCommand(cmdcount, sqlconnection);
int cc = (int)cmdd.ExecuteScalar();
//查找
string cmdString = "select password from [user] where username=" + "'" + username + "'";
SqlCommand cmd = new SqlCommand(cmdString, sqlconnection);
string pas = (string)cmd.ExecuteScalar();
//插入
string insertString = "INSERT INTO [user] (username,password,sex,age,home,destination, telephone) values(" + "'" + username + "','" + password + "','" + sex + "','" + age + "','" + home + "','" + destination + "','" + telephone + "')";
SqlCommand insert_cmd = new SqlCommand(insertString, sqlconnection);
insert_cmd.ExecuteNonQuery();
//更新
string updateString = "UPDATE [user] SET username=" + "'" + username + "',password=" + "'" + password + "',sex=" + "'" + sex + "',age=" + "'" + age + "',home=" + "'" + home + "',destination=" + "'" + destination + "',telephone=" + "'" + telephone + "'where username=" + "'" + username + "'";
SqlCommand update_cmd = new SqlCommand(updateString, sqlconnection);
update_cmd.ExecuteNonQuery();
//删除
string cmdString = "delete from [order] where username=" + "'" + username + "'";
SqlCommand cmd = new SqlCommand(cmdString, sqlconnection);
cmd.ExecuteNonQuery();