我按照youtube的教程编写登录代码&注册但有错误。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
public partial class Registration : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (IsPostBack)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["earchConnectionString"].ConnectionString);
con.Open();
string cmdStr = "Select count(*) from user where UserName='" + TextBoxUN.Text + "'";
SqlCommand userExist = new SqlCommand(cmdStr, con);
int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
con.Close();
if (temp == 1)
{
Response.Write("User Name Already Exist....<br /> Please Choose Another User Name.");
}
}
}
protected void Submit_Click(object sender, EventArgs e)
{
/*if (IsPostBack)
{
Response.Write("You have successfully registered");
}*/
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["earchConnectionString"].ConnectionString);
con.Open();
string insCmd = "Insert into user (UserName, Password, EmailAddress, FullName, level) values (@UserName,@Password,@EmailAddress, @FullName, @level)";
SqlCommand insertUser = new SqlCommand(insCmd, con);
insertUser.Parameters.AddWithValue("@UserName", TextBoxUN.Text);
insertUser.Parameters.AddWithValue("@Password", TextBoxPass.Text);
insertUser.Parameters.AddWithValue("@EmailAddress", TextBoxEA.Text);
insertUser.Parameters.AddWithValue("@FullName", TextBoxFN.Text);
insertUser.Parameters.AddWithValue("@level", level.SelectedItem.ToString());
try
{
insertUser.ExecuteNonQuery();
con.Close();
Response.Redirect("Login.aspx");
}
catch (Exception er)
{
Response.Write("Something wrong");
}
finally
{
//Any Special Action You Want To Add
}
}
}
但有错误消息:
关键字“user”附近的语法不正确。
描述:执行当前Web请求期间发生了未处理的异常。 &GT;请查看堆栈跟踪,以获取有关错误及其来源的详细信息。代码。
异常详细信息:System.Data.SqlClient.SqlException:不正确 关键字'user'附近的语法。
来源错误:
第18行:string cmdStr =“从用户处选择count(*) UserName ='“+ TextBoxUN.Text +”'“;第19行:SqlCommand userExist = new SqlCommand(cmdStr,con);第20行:int temp = Convert.ToInt32(userExist.ExecuteScalar()。ToString());第21行:con.Close();第22行:if(temp == 1)
源文件:c:\ inetpub \ web1 \ Registration.aspx.cs行:20
堆栈追踪:
[SqlException(0x80131904):关键字“user”附近的语法不正确。] System.Data.SqlClient.SqlConnection.OnError(SqlException异常, Boolean breakConnection)+2042118
System.Data.SqlClient.SqlInternalConnection.OnError(SQLEXCEPTION exception,Boolean breakConnection)+5043644
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning()+234
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler,SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler,TdsParserStateObject stateObj)+2294
System.Data.SqlClient.SqlDataReader.ConsumeMetaData()+33
System.Data.SqlClient.SqlDataReader.get_MetaData()+86
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior,String resetOptionsString)+311
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(的CommandBehavior cmdBehavior,RunBehavior runBehavior,Boolean returnStream,Boolean async)+987
System.Data.SqlClient.SqlCommand.RunExecuteReader(的CommandBehavior cmdBehavior,RunBehavior runBehavior,Boolean returnStream,String 方法,DbAsyncResult结果)+162
System.Data.SqlClient.SqlCommand.RunExecuteReader(的CommandBehavior cmdBehavior,RunBehavior runBehavior,Boolean returnStream,String 方法)+32 System.Data.SqlClient.SqlCommand.ExecuteScalar()+139
Registration.Page_Load(Object sender,EventArgs e)in C:\的Inetpub \ web1的\ Registration.aspx.cs:20
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp,Object o,对象t,EventArgs e)+14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)+35 System.Web.UI.Control.OnLoad(EventArgs e)+91
System.Web.UI.Control.LoadRecursive()+74
System.Web.UI.Page.ProcessRequestMain(布尔 includeStagesBeforeAsyncPoint,Boolean includeStagesAfterAsyncPoint) 2207
有什么问题?
答案 0 :(得分:3)
用户是保留关键字。把它放在方括号内,你应该很好。
select count(*) from [user]
答案 1 :(得分:0)
使用带有表名,列的方括号总是一个好习惯。
此外,在查询中使用用户输入时使用SqlParameters以避免SQL注入..