附加信息:','附近的语法不正确。 [英] Additional information: incorrect syntax near ', '.
本文介绍了附加信息:','附近的语法不正确。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
SqlConnection conn = new SqlConnection(@server = DELL-PC\SQLEXPRESS; Database = WinApp; Integrated Security = true);
SqlCommand cmd = new SqlCommand(从LoginInfo中选择count(*),其中Username = @ uname,password = @pwd,conn);
cmd.Parameters.Add(new SqlParameter(@ uname,lblunametxt.Text));
cmd.Parameters.Add(new SqlParameter(@ pwd,lblpwdtxt.Text));
conn.Open();
int noOfRowsAffected =(int)cmd.ExecuteScalar();
conn.Close();
if(noOfRowsAffected> 0)
{
MDIParent md = new MDIParent();
md.Show();
this.Hide();
}
else
{
Console.Write(凭证无效);
}
我的尝试:
SqlConnection conn = new SqlConnection(@server = DELL-PC\SQLEXPRESS; Database = WinApp; Integrated Security = true);
SqlCommand cmd = new SqlCommand(从LoginInfo中选择count(*),其中Username = @ uname,password = @pwd,conn);
cmd.Parameters.Add(new SqlParameter(@ uname,lblunametxt.Text));
cmd.Parameters.Add(new SqlParameter(@ pwd,lblpwdtxt.Text));
conn.Open();
int noOfRowsAffected =(int)cmd.ExecuteScalar();
conn.Close();
if(noOfRowsAffected> 0)
{
MDIParent md = new MDIParent();
md.Show();
this.Hide();
}
else
{
Console.Write(凭证无效);
}
解决方案
Mehdi是对的,你的SQL是错的:逗号在WHERE子句中是无效的。< br $> b $ b
但是......不要那样做!切勿以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]
您的SQL应该是:
选择 count(*)来自 LoginInfo 其中用户名= @ uname 和密码= @ pwd使用
AND而不是,
以上答案是正确的......
SqlConnection conn = new SqlConnection(@"server=DELL-PC\SQLEXPRESS;Database=WinApp;Integrated Security = true");
SqlCommand cmd = new SqlCommand("select count(*) from LoginInfo where Username = @uname, password = @pwd",conn);
cmd.Parameters.Add(new SqlParameter("@uname", lblunametxt.Text));
cmd.Parameters.Add(new SqlParameter("@pwd", lblpwdtxt.Text));
conn.Open();
int noOfRowsAffected = (int)cmd.ExecuteScalar();
conn.Close();
if(noOfRowsAffected > 0)
{
MDIParent md = new MDIParent();
md.Show();
this.Hide();
}
else
{
Console.Write(" invalid credentials");
}
What I have tried:
SqlConnection conn = new SqlConnection(@"server=DELL-PC\SQLEXPRESS;Database=WinApp;Integrated Security = true");
SqlCommand cmd = new SqlCommand("select count(*) from LoginInfo where Username = @uname, password = @pwd",conn);
cmd.Parameters.Add(new SqlParameter("@uname", lblunametxt.Text));
cmd.Parameters.Add(new SqlParameter("@pwd", lblpwdtxt.Text));
conn.Open();
int noOfRowsAffected = (int)cmd.ExecuteScalar();
conn.Close();
if(noOfRowsAffected > 0)
{
MDIParent md = new MDIParent();
md.Show();
this.Hide();
}
else
{
Console.Write(" invalid credentials");
} 解决方案
Mehdi is right that your SQL is wrong: comma is not valid as part of an WHERE clause.
But ... don't do it like that! Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
Your SQL should be :
select count(*) from LoginInfo where Username = @uname and password = @pwdUse
ANDinstead of,
Above Answers are the correct...
这篇关于附加信息:','附近的语法不正确。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
