我在学校有一个项目,我需要将我的注册页面与数据库连接起来。 我有这段代码:
if (Request.Form["submit"] != null)
{
string fName = Request.Form["fName"];
string lName = Request.Form["lName"];
string Passwod = Request.Form["Passwod"];
string email = Request.Form["email"];
string add = Request.Form["add"];
string RegStatus;
if ((fName == "") || (lName == "") || (Passwod == "") || (email == "") || (add == ""))
{
RegStatus = ("missing data or wrong data");
}
else
{
string selectQuery = "SELECT * FROM " + "[Users]";
selectQuery += " WHERE ";
selectQuery += " email = '" + Request.Form["email"] + "'";
if (MyAdoHelper.IsExist(selectQuery))
{
RegStatus = ("email does not exists");
}
else
{
string insertQuery = "INSERT INTO [Users] (fName,lName,Passwod, email,add) VALUES ('";
insertQuery += fName + "', '" + lName +"','" + Passwod + "', '" + email + "','" + add +"')";
Response.Write(insertQuery);
MyAdoHelper.DoQuery(insertQuery);
RegStatus = ("Registeration was successful ");
}
}
Response.Write(RegStatus);
Response.End();
}
填写数据后(运行后)得到的错误是:
System.Data.SqlClient.SqlException:关键字附近的语法不正确 '添加'
来源错误:
public static void DoQuery(string sql)
{
SqlConnection conn = ConnectToDb();
conn.Open();
SqlCommand com = new SqlCommand(sql, conn);
com.ExecuteNonQuery(); //* it says the error is in this line. //*
com.Dispose();
conn.Close();
}
答案 0 :(得分:3)
add
是SQL上的关键字。如果您有一个这样的字段,则必须使用括号:
INSERT INTO [Users] (fName,lName,Passwod, email,[add]) VALUES...
另外,正如已经评论过的那样,使用参数而不是字符串连接是非常重要的: