我正在尝试使用SQL Server数据库执行我的登录表单..但我收到错误说
''
附近的语法不正确
我收到错误的行是:
objda.Fill(objds, "adm");
我的代码是:
public partial class Form1 : Form
{
int total;
SqlConnection objc;
string c = "data source=.; initial catalog=student; integrated security=SSPI";
SqlDataAdapter objda;
DataSet objds;
SqlCommand objcmd;
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
}
private void button1_Click(object sender, EventArgs e)
{
if (objc != null)
{
objc.Open();
}
objcmd = new SqlCommand("select * form adm where Name= ' " + textBox1.Text + "',pass = ' " + textBox2.Text + "'", objc);
if (objc != null)
{
objc.Close();
}
objc = new SqlConnection(c);
objcmd = new SqlCommand("search * from adm", objc);
objda = new SqlDataAdapter(objcmd.CommandText, objc);
objds = new DataSet();
objda.Fill(objds, "adm");
total = Convert.ToInt32(objds.Tables["adm"].Rows.Count);
if (total > 0)
{
MessageBox.Show("welcome");
Class1.login = textBox1.Text;
Form2 f2 = new Form2();
this.Hide();
f2.Show();
}
else
{
}
我该怎么办?
问题出在哪里?
答案 0 :(得分:1)
除了SQL注入漏洞,缺少使用语句和明显不正确的语法(缺少AND,加上误导FROM):
您忘记打开连接。
答案 1 :(得分:0)
您必须再次打开连接
objc.Open();
并改变
select * form
到
select * from
AND
也丢失了。
答案 2 :(得分:0)
您忘记在两个条件之间放置“和”而错过拼写为form
的关键字。
objcmd = new SqlCommand("select * from adm where Name= '" + textBox1.Text + "' And pass = '" + textBox2.Text + "'", objc);
顺便说一下,您应该使用parameters
到avoid sql injection
漏洞
答案 3 :(得分:-3)
objcmd = new SqlCommand("select * form adm where Name= ' " + textBox1.Text + "',pass = ' " + textBox2.Text + "'", objc);
应该是:
objcmd = new SqlCommand("select * from adm where Name= ' " + textBox1.Text + "',pass = ' " + textBox2.Text + "'", objc);