[英]Login control asp.net and CS
I have a question about ASP.NET and SQL Server database and using Visual Studio 2010. The problem is about the login control cs part. 我对ASP.NET和SQL Server数据库以及使用Visual Studio 2010有疑问。问题与登录控件CS部分有关。
I linked my form with database, need to compare login and password with ones in DB, but the line 我将表单与数据库链接,需要将登录名和密码与数据库中的登录名和密码进行比较,但该行
SqlDataReader rdr = com.ExecuteReader();
says that there is an error with syntax near "user" 说“用户”附近的语法有错误
Is it a query problem? 这是查询问题吗?
Can you help me please? 你能帮我吗?
private bool UserLogin(string userName, string password)
{
// read the coonection string from web.config
string conString = ConfigurationManager.ConnectionStrings["MidLinData"].ConnectionString;
using (System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection(conString))
{
con.Open();
//' declare the command that will be used to execute the select statement
// SqlCommand com = new SqlCommand("SELECT login FROM user WHERE userName = @login AND Password = @password", con);
SqlCommand com = new SqlCommand("SELECT login FROM user WHERE userName = @login ", con);
SqlCommand com2 = new SqlCommand("SELECT password FROM user WHERE password = @password ", con);
// set the username and password parameters
com.Parameters.Add("@login", SqlDbType.NVarChar).Value = userName;
SqlDataReader rdr = com.ExecuteReader();
//com.Parameters.Add("@password", SqlDbType.NVarChar).Value = password;
string result = rdr[0].ToString();
// execute the select statment
// string result = Convert.ToString(com.ExecuteScalar());
//' check the result
if (string.IsNullOrEmpty(result))
{
//invalid user/password , return flase
return false;
}
else
{
// valid login
return true;
}
return true;
}
}
Compiler says: 编译器说:
Server Error in '/visualStudioWebsite' Application.
“ / visualStudioWebsite”应用程序中的服务器错误。
Incorrect syntax near the keyword 'user'.
关键字“ user”附近的语法不正确。
Description: An unhandled exception occurred during the execution of the current web request.
说明:执行当前Web请求期间发生未处理的异常。
Please review the stack trace for more information about the error and where it originated in the code.
请查看堆栈跟踪,以获取有关错误及其在代码中起源的更多信息。
Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'user'.
异常详细信息:System.Data.SqlClient.SqlException:关键字'user'附近的语法不正确。
Source Error:
源错误:
Line 57: // set the username and password parameters
第57行://设置用户名和密码参数
Line 58: com.Parameters.Add("@login", SqlDbType.NVarChar).Value = userName;第58行:com.Parameters.Add(“ @ login”,SqlDbType.NVarChar).Value = userName;
Line 59: SqlDataReader rdr = com.ExecuteReader();第59行:SqlDataReader rdr = com.ExecuteReader();
Line 60: com.Parameters.Add("@password", SqlDbType.NVarChar).Value = password;第60行:com.Parameters.Add(“ @ password”,SqlDbType.NVarChar).Value =密码;
Line 61:第61行:
Source File: c:\\Users\\annasolovjova\\Desktop\\visualStudioWebsite\\login.aspx.cs Line: 59
源文件:c:\\ Users \\ annasolovjova \\ Desktop \\ visualStudioWebsite \\ login.aspx.cs行:59
You can combine both command like this: 您可以像这样组合两个命令:
SqlCommand com = new SqlCommand();
com.Connection = con;
com.CommandText = "SELECT login, password FROM user WHERE userName = @login and password = @password";
com.Parameters.AddWithValue("login", userName);
com.Parameters.AddWithValue("password", password);
user
is a reserved keyword in SQL Server - you're best bet is not to use it as a table name! user
是SQL Server中的保留关键字 -最好不要将它用作表名! And if you insist on using it, you must put it in square brackets: 如果坚持使用,则必须将其放在方括号中:
SqlCommand com = new SqlCommand("SELECT login FROM [user] WHERE userName = @login ", con);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.