登录控件asp.net和CS
[英]Login control asp.net and CS
问题描述
I have a question about ASP.NET and SQL Server database and using Visual Studio 2010. The problem is about the login control cs part. 
我对ASP.NET和SQL Server数据库以及使用Visual Studio 2010有疑问。问题与登录控件CS部分有关。
I linked my form with database, need to compare login and password with ones in DB, but the line 我将表单与数据库链接,需要将登录名和密码与数据库中的登录名和密码进行比较,但该行
SqlDataReader rdr = com.ExecuteReader();
says that there is an error with syntax near "user" 说“用户”附近的语法有错误
Is it a query problem? 这是查询问题吗?
Can you help me please? 你能帮我吗?
private bool UserLogin(string userName, string password)
{
// read the coonection string from web.config
string conString = ConfigurationManager.ConnectionStrings["MidLinData"].ConnectionString;
using (System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection(conString))
{
con.Open();
//' declare the command that will be used to execute the select statement
// SqlCommand com = new SqlCommand("SELECT login FROM user WHERE userName = @login AND Password = @password", con);
SqlCommand com = new SqlCommand("SELECT login FROM user WHERE userName = @login ", con);
SqlCommand com2 = new SqlCommand("SELECT password FROM user WHERE password = @password ", con);
// set the username and password parameters
com.Parameters.Add("@login", SqlDbType.NVarChar).Value = userName;
SqlDataReader rdr = com.ExecuteReader();
//com.Parameters.Add("@password", SqlDbType.NVarChar).Value = password;
string result = rdr[0].ToString();
// execute the select statment
// string result = Convert.ToString(com.ExecuteScalar());
//' check the result
if (string.IsNullOrEmpty(result))
{
//invalid user/password , return flase
return false;
}
else
{
// valid login
return true;
}
return true;
}
}
Compiler says: 编译器说:
Server Error in '/visualStudioWebsite' Application.
Incorrect syntax near the keyword 'user'.
Description: An unhandled exception occurred during the execution of the current web request.
Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'user'.
Source Error:
Line 57: // set the username and password parameters
Line 58: com.Parameters.Add("@login", SqlDbType.NVarChar).Value = userName;
Line 59: SqlDataReader rdr = com.ExecuteReader();
Line 60: com.Parameters.Add("@password", SqlDbType.NVarChar).Value = password;
Line 61:Source File: c:\\Users\\annasolovjova\\Desktop\\visualStudioWebsite\\login.aspx.cs Line: 59
2 个解决方案
解决方案1
0 2013-10-30 23:02:34
You can combine both command like this: 您可以像这样组合两个命令:
SqlCommand com = new SqlCommand();
com.Connection = con;
com.CommandText = "SELECT login, password FROM user WHERE userName = @login and password = @password";
com.Parameters.AddWithValue("login", userName);
com.Parameters.AddWithValue("password", password);
解决方案2
0 已采纳 2015-07-28 19:39:01
user is a reserved keyword in SQL Server - you're best bet is not to use it as a table name! user是SQL Server中的保留关键字 -最好不要将它用作表名! And if you insist on using it, you must put it in square brackets: 如果坚持使用,则必须将其放在方括号中:
SqlCommand com = new SqlCommand("SELECT login FROM [user] WHERE userName = @login ", con);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.