附加信息:','附近的语法不正确。 [英] Additional information: incorrect syntax near ', '.
本文介绍了附加信息:','附近的语法不正确。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
SqlConnection conn = new SqlConnection(@server = DELL-PC\SQLEXPRESS; Database = WinApp; Integrated Security = true);
SqlCommand cmd = new SqlCommand(从LoginInfo中选择count(*),其中Username = @ uname,password = @pwd,conn);
cmd.Parameters.Add(new SqlParameter(@ uname,lblunametxt.Text));
cmd.Parameters.Add(new SqlParameter(@ pwd,lblpwdtxt.Text));
conn.Open();
int noOfRowsAffected =(int)cmd.ExecuteScalar();
conn.Close();
if(noOfRowsAffected> 0)
{
MDIParent md = new MDIParent();
md.Show();
this.Hide();
}
else
{
Console.Write(凭证无效);
}
我的尝试:
SqlConnection conn = new SqlConnection(@server = DELL-PC\SQLEXPRESS; Database = WinApp; Integrated Security = true);
SqlCommand cmd = new SqlCommand(从LoginInfo中选择count(*),其中Username = @ uname,password = @pwd,conn);
cmd.Parameters.Add(new SqlParameter(@ uname,lblunametxt.Text));
cmd.Parameters.Add(new SqlParameter(@ pwd,lblpwdtxt.Text));
conn.Open();
int noOfRowsAffected =(int)cmd.ExecuteScalar();
conn.Close();
if(noOfRowsAffected> 0)
{
MDIParent md = new MDIParent();
md.Show();
this.Hide();
}
else
{
Console.Write(凭证无效);
}
解决方案
Mehdi是对的,你的SQL是错的:逗号在WHERE子句中是无效的。< br $> b $ b
但是......不要那样做!切勿以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]
您的SQL应该是:
选择 count(*)来自 LoginInfo 其中用户名= @ uname 和密码= @ pwd使用
AND
而不是,
以上答案是正确的......
SqlConnection conn = new SqlConnection(@"server=DELL-PC\SQLEXPRESS;Database=WinApp;Integrated Security = true"); SqlCommand cmd = new SqlCommand("select count(*) from LoginInfo where Username = @uname, password = @pwd",conn); cmd.Parameters.Add(new SqlParameter("@uname", lblunametxt.Text)); cmd.Parameters.Add(new SqlParameter("@pwd", lblpwdtxt.Text)); conn.Open(); int noOfRowsAffected = (int)cmd.ExecuteScalar(); conn.Close(); if(noOfRowsAffected > 0) { MDIParent md = new MDIParent(); md.Show(); this.Hide(); } else { Console.Write(" invalid credentials"); }
What I have tried:
SqlConnection conn = new SqlConnection(@"server=DELL-PC\SQLEXPRESS;Database=WinApp;Integrated Security = true"); SqlCommand cmd = new SqlCommand("select count(*) from LoginInfo where Username = @uname, password = @pwd",conn); cmd.Parameters.Add(new SqlParameter("@uname", lblunametxt.Text)); cmd.Parameters.Add(new SqlParameter("@pwd", lblpwdtxt.Text)); conn.Open(); int noOfRowsAffected = (int)cmd.ExecuteScalar(); conn.Close(); if(noOfRowsAffected > 0) { MDIParent md = new MDIParent(); md.Show(); this.Hide(); } else { Console.Write(" invalid credentials"); }
解决方案
Mehdi is right that your SQL is wrong: comma is not valid as part of an WHERE clause.
But ... don't do it like that! Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
Your SQL should be :
select count(*) from LoginInfo where Username = @uname and password = @pwdUse
AND
instead of,
Above Answers are the correct...
这篇关于附加信息:','附近的语法不正确。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文