在“User_name”附近的预期条件的上下文中指定的非布尔类型的表达式。 [英] An expression of non-boolean type specified in a context where a condition is expected, near 'User_name'.
本文介绍了在“User_name”附近的预期条件的上下文中指定的非布尔类型的表达式。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
使用System;
使用System.Collections;
使用System.Configuration;
使用System.Data;
使用System.Linq;
使用System.Web;使用System.Web.Security
;
使用System.Web.UI;
使用System.Web.UI.WebControls;
使用System.Web.UI.WebControls.WebParts;
使用System.Web.UI.HtmlControls;
使用System.Xml.Linq;
使用System.Data.SqlClient;
namespace store_2
{
public partial class regc:System.Web.UI.Page
{
protected void Page_Load(object sender,EventArgs e)
{
if(IsPostBack)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings [registrationconnectionString]。ConnectionString);
con.Open();
string checkuser =select user(*)来自custom_nameable User_name ='+ TextBoxusername.Text +';
SqlCommand com = new SqlCommand(checkuser,con);
int temp = Convert.ToInt32(com.ExecuteScalar()。ToString());
if(temp == 1)
{
Response.Write(User alredy exixts);
}
con.Close();
}
}
protected void Button1_Click(object sender,EventArgs e)
{
try
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings [registrationconnectionString]。ConnectionString);
con.Open();
string insertQuery =insert into customertable(User_name,Name,Gender,Adress,City,State,Pin_code,mobile_no,Email_id,Password,product_id,Product_Quntity)值(@ User_name,@ Name,@ Gender,@ Adress, @市@国@ Pin_code,@ mobile_no,@ EMAIL_ID,@密码,@ PRODUCT_ID,@ Product_Quntity);
SqlCommand com = new SqlCommand(insertQuery,con);
com.Parameters.AddWithValue(@ User_name,TextBoxusername.Text);
com.Parameters.AddWithValue(@ Name,TextBoxname.Text);
com.Parameters.AddWithValue(@ Gender,TextBoxname.Text);
com.Parameters.AddWithValue(@ Adress,TextBoxadress.Text);
com.Parameters.AddWithValue(@ City,DropDownListcity.SelectedItem.ToString());
com.Parameters.AddWithValue(@ State,DropDownListstate.SelectedItem.ToString());
com.Parameters.AddWithValue(@ Pin_code,TextBoxpincode.Text);
com.Parameters.AddWithValue(@ mobile_no,TextBoxmobno.Text);
com.Parameters.AddWithValue(@ Email_id,TextBoxemail.Text);
com.Parameters.AddWithValue(@ Password,TextBoxpassword.Text);
com.ExecuteNonQuery();
Response.Redirect(admin.aspx);
Response.Write(注册成功);
con.Close();
}
catch(exception ex)
{
Response.Write(Error:+ ex.ToString());
}
}
}
}
解决方案
删除中你的sql语句
其中User_name =应该在哪里User_name =
但是,你需要改变无论如何都要进行paramterized调用,这样你就不会容易受到sql注入。
...
其中 User_name = @username ;
...
com.Parameters.AddWithValue( @username ,txtUserName.Text);
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Xml.Linq;
using System.Data.SqlClient;
namespace store_2
{
public partial class regc : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (IsPostBack)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["registrationconnectionString"].ConnectionString);
con.Open();
string checkuser = "select count(*)from the customertable where the User_name='" + TextBoxusername.Text + "'";
SqlCommand com = new SqlCommand(checkuser, con);
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
if (temp == 1)
{
Response.Write("User alredy exixts");
}
con.Close();
}
}
protected void Button1_Click(object sender, EventArgs e)
{
try
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["registrationconnectionString"].ConnectionString);
con.Open();
string insertQuery = "insert into customertable(User_name,Name,Gender,Adress,City,State,Pin_code,mobile_no,Email_id,Password,product_id,Product_Quntity) values (@User_name,@Name,@Gender,@Adress,@City,@State,@Pin_code,@mobile_no,@Email_id,@Password,@product_id,@Product_Quntity)";
SqlCommand com = new SqlCommand(insertQuery, con);
com.Parameters.AddWithValue("@User_name", TextBoxusername.Text);
com.Parameters.AddWithValue("@Name", TextBoxname.Text);
com.Parameters.AddWithValue("@Gender", TextBoxname.Text);
com.Parameters.AddWithValue("@Adress", TextBoxadress.Text);
com.Parameters.AddWithValue("@City", DropDownListcity.SelectedItem.ToString());
com.Parameters.AddWithValue("@State", DropDownListstate.SelectedItem.ToString());
com.Parameters.AddWithValue("@Pin_code", TextBoxpincode.Text);
com.Parameters.AddWithValue("@mobile_no", TextBoxmobno.Text);
com.Parameters.AddWithValue("@Email_id", TextBoxemail.Text);
com.Parameters.AddWithValue("@Password", TextBoxpassword.Text);
com.ExecuteNonQuery();
Response.Redirect("admin.aspx");
Response.Write("Registration Is Successful");
con.Close();
}
catch (Exception ex)
{
Response.Write("Error:" + ex.ToString());
}
}
}
} 解决方案
Remove the "the" in your sql statement
where the User_name= should be where User_name=
However, you need to change to a paramterized call anyway so that you are not left vulnerable to sql injections.
... where the User_name= @username"; ... com.Parameters.AddWithValue("@username", txtUserName.Text);
这篇关于在“User_name”附近的预期条件的上下文中指定的非布尔类型的表达式。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
