问题:SqlException未处理

时间:2012-11-03 06:49:10

标签: c# sql-server

我正在尝试使用SQL Server数据库执行我的登录表单..但我收到错误说

  

''

附近的语法不正确

我收到错误的行是:

objda.Fill(objds, "adm");

我的代码是:

public partial class Form1 : Form
{
    int total;
    SqlConnection objc;
    string c = "data source=.; initial catalog=student; integrated security=SSPI";
    SqlDataAdapter objda;
    DataSet objds;
    SqlCommand objcmd;

    public Form1()
    {
        InitializeComponent();
    }

    private void Form1_Load(object sender, EventArgs e)
    {
    }

    private void button1_Click(object sender, EventArgs e)
    {
        if (objc != null)
        {
            objc.Open();
        }
        objcmd = new SqlCommand("select * form adm where Name= ' " + textBox1.Text + "',pass = ' " + textBox2.Text + "'", objc);
        if (objc != null)
        {
            objc.Close();
        }
        objc = new SqlConnection(c);
        objcmd = new SqlCommand("search * from adm", objc);
        objda = new SqlDataAdapter(objcmd.CommandText, objc);
        objds = new DataSet();
        objda.Fill(objds, "adm");

        total = Convert.ToInt32(objds.Tables["adm"].Rows.Count);
        if (total > 0)
        {
            MessageBox.Show("welcome");
            Class1.login = textBox1.Text;
            Form2 f2 = new Form2();
            this.Hide();
            f2.Show();
        }
        else
        {
        }

我该怎么办?

问题出在哪里?

4 个答案:

答案 0 :(得分:1)

除了SQL注入漏洞,缺少使用语句和明显不正确的语法(缺少AND,加上误导FROM):

您忘记打开连接。

答案 1 :(得分:0)

您必须再次打开连接

  objc.Open();

并改变

select * form

select * from

AND也丢失了。

答案 2 :(得分:0)

您忘记在两个条件之间放置“和”而错过拼写为form的关键字。

objcmd = new SqlCommand("select * from adm where Name= '" + textBox1.Text + "' And pass = '" + textBox2.Text + "'", objc);

顺便说一下,您应该使用parametersavoid sql injection漏洞

答案 3 :(得分:-3)

objcmd = new SqlCommand("select * form adm where Name= ' " + textBox1.Text + "',pass = ' " + textBox2.Text + "'", objc);

应该是:

objcmd = new SqlCommand("select * from adm where Name= ' " + textBox1.Text + "',pass = ' " + textBox2.Text + "'", objc);