user_add.aspx.cs

这是一个销售管理系统,里面有很多销售的功能

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;

public partial class System_user_add : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

        if (Convert.ToString(Session["username"]) == "")
        {
            Response.Write("<script language=javascript>alert('请登录');location='../login.aspx'</script>");
        }
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        string username = Request["username"];
        string userpwd = Request["userpwd"];
        DateTime AddTime=DateTime.Now;
        stockClass sc = new stockClass();
        if (sc.validate(username))
        {
            Response.Write("<script>alert('用户名中不能含有非法字符');history.back()</script>");
            return;
        }
        if (sc.validate(userpwd))
        {
            Response.Write("<script>alert('密码中不能含有非法字符');history.back()</script>");
            return;
        }
        SqlConnection strcon = new SqlConnection(System.Configuration.ConfigurationManager.AppSettings["strcon"]);
        strcon.Open();
        SqlCommand scd = new SqlCommand("select count(*) as ff from tb_user where username='" + username + "'", strcon);
        int count = Convert.ToInt32(scd.ExecuteScalar());
        if (count > 0)
        {
            Response.Write("<script>alert('用户已经存在，请重新输入！');history.back()</script>");
            return;
        }
        try
        {
            scd.CommandText = "insert into tb_user (username,userpwd,addtime)values(@username,@userpwd,@addtime)";
            SqlParameter para = new SqlParameter("@username", SqlDbType.VarChar, 20);
            para.Value = username;
            scd.Parameters.Add(para);
            para = new SqlParameter("@userpwd", SqlDbType.VarChar, 20);
            para.Value = userpwd;
            scd.Parameters.Add(para);
            para = new SqlParameter("@AddTime",SqlDbType.DateTime);
            para.Value = AddTime;
            scd.Parameters.Add(para);
            scd.ExecuteNonQuery();
            Response.Write("<script>alert('用户添加成功');location='user_add.aspx'</script>");
        }
        catch
        {
            Response.Write("<script>alert('操作失败');location='user_add.aspx'</script>");
        }
        strcon.Close();
    }
}