// Code as posted in the question; it reproduces the syntax error quoted below.
// System.Data.SqlClient only supports named placeholders (@Name). The positional "?" marker
// belongs to the OleDb/ODBC providers, so SQL Server receives a literal "?" and rejects the statement.
// NOTE(review): matching Password in the WHERE clause suggests the column holds something directly
// comparable to user input. If that is the plaintext password, store a salted hash instead and
// verify it in application code. Confirm against the schema.
SqlCommand command = new SqlCommand("SELECT * FROM users WHERE Username = ? AND Password = ?", connection);
command.Parameters.AddWithValue("Username", username);
command.Parameters.AddWithValue("Password", password);
SqlDataReader reader = null;
// The SQL text is only sent to the server here, which is why the error surfaces on this call.
reader = command.ExecuteReader();
当我运行程序时,出现了以下错误:
'?'附近的语法不正确。
在这一行:
// Line reported by the exception: the server parses the SQL text when the command is executed,
// not when the SqlCommand object is constructed.
reader = command.ExecuteReader();
谁能看到我做错了什么?
答案 0 :(得分:8)
// Named @-placeholders are the form SqlClient understands. The values are bound as parameters,
// separately from the SQL text, so user input never becomes part of the statement.
const string loginQuery = "SELECT * FROM users WHERE Username = @Username AND Password = @Password";

// Each using block disposes its object on exit, including when an exception is thrown.
using (SqlCommand command = new SqlCommand(loginQuery, connection))
{
    command.Parameters.AddWithValue("@Username", username);
    command.Parameters.AddWithValue("@Password", password);

    // NOTE(review): comparing Password in SQL suggests the column may hold plaintext passwords.
    // If so, store a salted hash and verify it in application code. Confirm against the schema.
    using (SqlDataReader reader = command.ExecuteReader())
    {
        while (reader.Read())
        {
            // do the actual work for each matching row
        }
    }
}
这里改用了 using 语句,这不是必需的,但建议使用。
答案 1 :(得分:1)
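// Minimal fix for the "?" syntax error: SqlClient needs named placeholders (@Name) in the SQL text.
SqlCommand command = new SqlCommand(
    "SELECT * FROM users WHERE Username = @Username AND Password = @Password",
    connection);
// Bind with the same @-prefixed names used in the SQL text. SqlClient tolerates a missing "@",
// but spelling it out keeps the binding explicit instead of relying on that leniency.
command.Parameters.AddWithValue("@Username", username);
command.Parameters.AddWithValue("@Password", password);
// The caller should dispose both command and reader when finished (for example with using blocks).
SqlDataReader reader = command.ExecuteReader();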
您可能想要阅读sql。
答案 2 :(得分:1)
您使用的是哪个DBMS?如果您使用的是SQL Server,则查询的语法不正确。你需要:
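// SQL Server (SqlClient) syntax: named @-placeholders, with values bound as parameters rather than
// concatenated into the query text.
// NOTE: no connection is passed to this constructor; assign cmd.Connection before executing.
SqlCommand cmd =
    new SqlCommand(@"select *
from users
where username = @username and password = @password");
// Bind on the command declared above (the snippet previously referred to an undeclared "command").
cmd.Parameters.AddWithValue("@username", username);
cmd.Parameters.AddWithValue("@password", password);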