Web.config代码如下:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<appSettings>
<!--
SECURITY REVIEW: the connection string below logs in as "sa" (the built-in SQL Server
administrator login) and keeps the password in clear text in this file.
  * Any SQL injection in the application would run with full server privileges.
    Use a dedicated login that only has the rights the site needs on db_news,
    or Integrated Security with a low-privilege application pool identity.
  * Anyone who can read this file (source control, backups, a file-disclosure bug)
    obtains the credential. Keep real secrets out of the repository, move the value
    to the connectionStrings section and encrypt that section with ASP.NET
    Protected Configuration (aspnet_regiis).
  * Rotate this password if the file has ever been published.
-->
<add key="ConnectionString" value="server=.;database=db_news;UId=sa;password=1111qq;"/>
</appSettings>
<system.web>
<!-- Debug compilation is off; keep it off on production hosts. -->
<compilation debug="false" targetFramework="4.0" />
</system.web>
</configuration>
自定义类CommonClass.cs代码如下:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
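/// <summary>
/// Shared helper for the pages of this site: creates SQL Server connections from the
/// "ConnectionString" appSetting, runs commands and queries, builds a client-side
/// alert-and-redirect script, and checks login credentials.
/// </summary>
/// <remarks>
/// Security notes:
/// <para>
/// <see cref="ExecSQL(string)"/> and <see cref="GetDataSet(string, string)"/> execute the SQL text
/// exactly as given. Never concatenate request data into that text; use the overloads that accept
/// <see cref="SqlParameter"/> values instead.
/// </para>
/// <para>
/// <see cref="checkLogin"/> compares the supplied password directly with the PassWord column, so
/// unless the caller hashes it first the table holds passwords as entered. Storing a salted,
/// slow hash (for example PBKDF2) and comparing hashes is the recommended design.
/// </para>
/// </remarks>
public class CommonClass
{
    // Sizes declared for the login parameters; longer input would be silently truncated by ADO.NET.
    private const int MaxLoginNameLength = 20;
    private const int MaxLoginPwdLength = 50;

    public CommonClass()
    {
    }

    /// <summary>
    /// Creates a new, unopened connection using the "ConnectionString" appSetting.
    /// </summary>
    /// <returns>A closed <see cref="SqlConnection"/>; the caller opens and disposes it.</returns>
    /// <exception cref="ConfigurationErrorsException">The appSetting is missing or empty.</exception>
    public SqlConnection GetConnection()
    {
        string connectionString = ConfigurationManager.AppSettings["ConnectionString"];
        if (string.IsNullOrEmpty(connectionString))
        {
            // The value itself is never put in the message: it contains the database password.
            throw new ConfigurationErrorsException("appSettings key \"ConnectionString\" is missing or empty.");
        }

        return new SqlConnection(connectionString);
    }

    /// <summary>
    /// Builds a script element that shows an alert and then navigates to another address.
    /// </summary>
    /// <param name="TxtMessage">Text shown in the alert.</param>
    /// <param name="Url">Address the browser goes to after the alert is closed.</param>
    /// <returns>The script markup to write into the page.</returns>
    /// <remarks>
    /// Both values are encoded for use inside a JavaScript string literal, so quotes or markup in
    /// them cannot end the literal or the script element. The destination itself is not checked:
    /// pass only addresses chosen by the application, never a raw request value.
    /// </remarks>
    public string MessageBox(string TxtMessage, string Url)
    {
        string message = EncodeForScriptString(TxtMessage);
        string target = EncodeForScriptString(Url);

        // The ';' between the two statements is required; without it the script does not parse.
        return "<script language=javascript>alert ('" + message + "'); location='" + target + "'</script>";
    }

    /// <summary>
    /// Executes an INSERT, UPDATE or DELETE statement.
    /// </summary>
    /// <param name="sqlStr">SQL text to execute. Must not contain concatenated user input.</param>
    /// <returns>true when the statement ran; false when executing it threw.</returns>
    public Boolean ExecSQL(string sqlStr)
    {
        return ExecSQL(sqlStr, (SqlParameter[])null);
    }

    /// <summary>
    /// Executes an INSERT, UPDATE or DELETE statement with bound parameters.
    /// </summary>
    /// <param name="sqlStr">SQL text using @name placeholders.</param>
    /// <param name="parameters">Values for the placeholders; may be null or empty.</param>
    /// <returns>true when the statement ran; false when executing it threw.</returns>
    public Boolean ExecSQL(string sqlStr, params SqlParameter[] parameters)
    {
        using (SqlConnection connection = GetConnection())
        using (SqlCommand command = new SqlCommand(sqlStr, connection))
        {
            AddParameters(command, parameters);

            // Open stays outside the try block: a connection failure still surfaces as an
            // exception, as it did before, while the using blocks now release the connection.
            connection.Open();
            try
            {
                command.ExecuteNonQuery();
                return true;
            }
            catch (Exception)
            {
                // Deliberate best effort kept from the original: callers only see true/false.
                return false;
            }
        }
    }

    /// <summary>
    /// Runs a query and returns its rows in a named table of a new data set.
    /// </summary>
    /// <param name="sqlStr">SELECT text to execute. Must not contain concatenated user input.</param>
    /// <param name="TableName">Name given to the filled table.</param>
    /// <returns>A <see cref="DataSet"/> holding the result.</returns>
    public DataSet GetDataSet(string sqlStr, string TableName)
    {
        return GetDataSet(sqlStr, TableName, (SqlParameter[])null);
    }

    /// <summary>
    /// Runs a query with bound parameters and returns its rows in a named table of a new data set.
    /// </summary>
    /// <param name="sqlStr">SELECT text using @name placeholders.</param>
    /// <param name="TableName">Name given to the filled table.</param>
    /// <param name="parameters">Values for the placeholders; may be null or empty.</param>
    /// <returns>A <see cref="DataSet"/> holding the result.</returns>
    public DataSet GetDataSet(string sqlStr, string TableName, params SqlParameter[] parameters)
    {
        using (SqlConnection connection = GetConnection())
        using (SqlDataAdapter adapter = new SqlDataAdapter(sqlStr, connection))
        {
            AddParameters(adapter.SelectCommand, parameters);
            connection.Open();

            DataSet result = new DataSet();
            adapter.Fill(result, TableName);
            return result;
        }
    }

    /// <summary>
    /// Counts the tb_User rows whose Name and PassWord match the supplied values, using a
    /// parameterized query so the values cannot change the SQL text.
    /// </summary>
    /// <param name="loginName">User name.</param>
    /// <param name="loginPwd">Password as compared with the PassWord column.</param>
    /// <returns>The number of matching rows; 0 means the login is rejected.</returns>
    public int checkLogin(string loginName, string loginPwd)
    {
        // A null value would be sent as a missing parameter and fail the query; treat it as no match.
        if (loginName == null || loginPwd == null)
        {
            return 0;
        }

        // Input longer than the declared parameter size would be cut to that size before the
        // comparison, so an over-long value could match a shorter stored one. Reject it instead.
        if (loginName.Length > MaxLoginNameLength || loginPwd.Length > MaxLoginPwdLength)
        {
            return 0;
        }

        const string query = "select count(*) from tb_User where Name=@loginName and PassWord=@loginPwd";

        using (SqlConnection connection = GetConnection())
        using (SqlCommand command = new SqlCommand(query, connection))
        {
            command.Parameters.Add(new SqlParameter("@loginName", SqlDbType.VarChar, MaxLoginNameLength)).Value = loginName;
            command.Parameters.Add(new SqlParameter("@loginPwd", SqlDbType.VarChar, MaxLoginPwdLength)).Value = loginPwd;

            connection.Open();
            return (int)command.ExecuteScalar();
        }
    }

    // Encodes a value for placement between single quotes inside an inline script element.
    private static string EncodeForScriptString(string value)
    {
        // Escapes quotes, backslashes and control characters; null becomes an empty string.
        string encoded = HttpUtility.JavaScriptStringEncode(value);

        // Any '<' still present is written as a \u escape so the text can never form a closing
        // script tag; inside a string literal the escape reads back as the same character.
        return encoded.Replace("<", "\\u003c");
    }

    // Copies the supplied parameters onto the command, skipping a null array and null entries.
    private static void AddParameters(SqlCommand command, SqlParameter[] parameters)
    {
        if (parameters == null)
        {
            return;
        }

        foreach (SqlParameter parameter in parameters)
        {
            if (parameter != null)
            {
                command.Parameters.Add(parameter);
            }
        }
    }
}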