[英]Why is this SQL statement giving me an invalid column name error?
I'm trying to use an SQL select statement to read from a database to validate a login form. 我正在尝试使用SQL select语句从数据库中读取以验证登录表单。 The problem I'm having is its telling me its an invalid column name.
我遇到的问题是它告诉我其无效的列名。
SELECT * FROM users
WHERE [username] = @theusername
AND [password] = @thepassword
where @theusername is a parameratized value of "Rymo_18", and the password is, for the sake of argument, "password". 其中,@ theusername是“ Rymo_18”的参数化值,而出于参数目的,密码是“ password”。
The errors I get are: 我得到的错误是:
Invalid column name 'Rymo_18'. 无效的列名“ Rymo_18”。
Invalid column name 'password' 无效的列名“密码”
Don't know why I'm getting those errors. 不知道为什么我会收到这些错误。 I've tried swapping the values around the = sign, tried using values directly (username = "Rymo_18") and all other matters of fiddling to fix it, and I've had no luck.
我尝试过在=号附近交换值,尝试直接使用值(用户名=“ Rymo_18”)以及其他所有要解决它的问题,但我没有运气。 There are no other tables called 'user' within my Database.
我的数据库中没有其他表称为“用户”。
EDIT: Here's the code as it appears in the C# I'm using: 编辑:这是它在我正在使用的C#中显示的代码:
string user = unametext.Text;
string pword = pwordtext.Text;
string connectionstring = WebConfigurationManager.ConnectionStrings["elmtreeconnect"].ConnectionString;
SqlConnection myconnection = new SqlConnection(connectionstring);
myconnection.Open();
string query = "SELECT * FROM users WHERE (username= @theusername OR email = @theusername) AND password = @thepassword";
SqlCommand attemptLogin = new SqlCommand(query, myconnection);
attemptLogin.Parameters.AddWithValue("@theusername", user);
attemptLogin.Parameters.AddWithValue("@thepassword", pword);
SqlDataReader rdr = attemptLogin.ExecuteReader();
if (rdr.HasRows)
{
Session["user"] = rdr["username"].ToString();
Session["id"] = rdr["id"].ToString();
Session["type"] = rdr["accountType"].ToString();
Response.Redirect("loginsuccess.aspx");
}
else
{
unametext.Text = "";
pwordtext.Text = "";
statusLabel.Text = "Login failed. Please try again, or contact info@elmtree.co.uk for assistance";
}
Thanks for the help! 谢谢您的帮助!
string query = "select 1 from users where username=@theusername and password=@password";
...
if(rdr.Read()){
...
}
exists
should be used in if exists(select...)
if exists(select...)
exists
则应使用if exists(select...)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.