表名 users 里面有字段:id,username,password
SqlConnection conn = new SqlConnection();
conn.ConnectionString = 连接字符串;
conn.Open();
SqlCommand comm = conn.CreateCommand();
comm.Connection = conn;
comm.CommandText = "Select id,password from users wheres username='"+ TextBox1.Text.Trim()+"'";
IDataReader read = comm.ExecuteReader();
try
{
if (read.Read())
{
if (read.GetString(1) == name)
{
userid = read.GetInt32(0).ToString();
Session["userid"] = userid;
Response.Redirect("bbs.aspx");
}
else
{
Response.Write("<script>alter(‘用户密码不正确!’);</script>");
}
}
else
{
Response.Write("<script>alter(‘没有此用户!’);</script>");
}
}
finally
{
read.Close();
conn.Close();
conn.Dispose();
}
}
}
运行时报错说:
'username' 附近有语法错误。
我找了一天还没解决,哪位朋友能指点下啊?
------解决方案--------------------------------------------------------
Select id,password from users wheres username='"+ TextBox1.Text.Trim()+"'";
where
------解决方案--------------------------------------------------------
- C# code
SqlConnection conn = new SqlConnection(); conn.ConnectionString = 连接字符串; conn.Open(); SqlCommand comm = conn.CreateCommand(); comm.Connection = conn; comm.CommandText = "Select id,password from users wheres username='"+ TextBox1.Text.Trim()+"'"; //"wheres"错误就在这儿。多了个SIDataReader read = comm.ExecuteReader(); try { if (read.Read()) { if (read.GetString(1) == name) { userid = read.GetInt32(0).ToString(); Session["userid"] = userid; Response.Redirect("bbs.aspx"); } else { Response.Write(" <script>alter(‘用户密码不正确!’); </script>"); } } else { Response.Write(" <script>alter(‘没有此用户!’); </script>"); } } finally { read.Close(); conn.Close(); conn.Dispose(); } } }
------解决方案--------------------------------------------------------
Select id,password from users where username='"+ TextBox1.Text.Trim().Replace("'","")+"'
where 多了s