在关键字 'user' 附近有语法错误。
异常详细信息: System.Data.SqlClient.SqlException: 在关键字 'user' 附近有语法错误。
源错误:
行 38: Response.Write(mysql);
行 39: SqlCommand mycmd=new SqlCommand(mysql,myconn);
行 40: SqlDataReader mydr = mycmd.ExecuteReader();
行 41: try
行 42: {
源文件: c:/Inetpub/wwwroot/vote/login.aspx.cs 行: 40
string UserName = tbxaccount.Text.ToString();
string Password = tbxpwd.Text.ToString();
if (UserName == "" | Password == "")
{
lblerr.Visible = true;
lblerr.Text = "请输入用户名和密码";
}
else
{
string settings=Convert.ToString(ConfigurationManager.ConnectionStrings["MySqlConnection"]);
SqlConnection myconn=new SqlConnection(settings);
myconn.Open();
string mysql = "select * from user where userName="+"'"+UserName+"'"+"And userPwd=" + "'" + Password + " ' ";
SqlCommand mycmd=new SqlCommand(mysql,myconn);
SqlDataReader mydr = mycmd.ExecuteReader();
try
{
if(mydr.Read())
{
lblerr.Visible = true;
lblerr.Text = "登录成功";
}
else
{
lblerr.Visible=true;
lblerr.Text="用户名或密码错误";
}
}
finally
{
mydr.Close();
myconn.Close();
}
}
最佳答案
string mysql = "select * from user where userName="+"'"+UserName+"'"+"And userPwd=" + "'" + Password + " ' ";
user属于sql里的关键字,所以会报错,一般不要用关键字作为表名,如果关键字做表名用[]括起来,
string mysql = "select * from [user] where userName="+"'"+UserName+"'"+"And userPwd=" + "'" + Password + " ' ";