如何摆脱此错误并成功保存数据库中的详细信息 [英] How do I get rid of this error and successfully save the details in my databse
问题描述
第18行:字符串checkuser =select(*)from Table where [UserName] ='+ TextBoxUsername.Text +';
第19行:SqlCommand com = new SqlCommand(checkuser,conn);
第20行:int temp = Convert.ToInt32(com.ExecuteScalar()。ToString());
第21行: if(temp == 1)
第22行:{
大家好,我遇到过这个错误,上面写着类型例外 System.Data.dll中发生'System.Data.SqlClient.SqlException',但未在用户代码中处理
附加信息:'*'附近的语法不正确。它指向第20行。
我是初学者,正在努力学习Asp.net。如果有人有解决方案,请帮帮我。
P.S:我也看到另一个人有同样的错误,我试图改变代码,但仍然有同样的问题。提前致谢
我尝试过:
使用系统;
使用System.Collections.Generic;
使用System.Linq;
使用System.Web;
使用System.Web.UI;
使用System.Web.UI.WebControls;
使用System.Data.SqlClient;
使用System.Configuration ;
公共部分类注册:System.Web.UI.Page
{
protected void Page_Load(对象发送者,EventArgs e)
{
if(IsPostBack){
SqlConnection conn = new SqlConnection( ConfigurationManager.ConnectionStrings [RegistrationConnectionString]。ConnectionString);
conn.Open();
string checkuser =select(*)from Table where [UserName] =' + TextBoxUsername.Text +';
SqlCommand com = new SqlCommand(checkuser,conn);
int temp = Con vert.ToInt32(com.ExecuteScalar()。ToString());
if(temp == 1)
{
Response.Write (用户已存在);
}
conn.Close();
}
}
protected void Button1_Click(对象发送者,EventArgs e)
{
尝试{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings [RegistrationConnectionString]。ConnectionString);
conn.Open();
string insertQuery =插入表(UserName,Email,Password,Country)值(@ Uname,@ email,@ password,@ country);
SqlCommand com = new SqlCommand(insertQuery,conn);
com.Parameters.AddWithValue(@ Uname,TextBoxUsername.Text);
com.Parameters.AddWithValue(@ email ,TextBoxE mailid.Text);
com.Parameters.AddWithValue(@ password,TextBoxpassword.Text);
com.Parameters.AddWithValue(@ country,DropDownListCountries。 SelectedItem.ToString());
com.ExecuteNonQuery();
Response.Redirect(Manager.aspx);
响应。写(注册成功);
conn.Close();
}
catch(例外ex){
Response.Write(错误:+ ex.ToString());
}
}
}
Line 18: string checkuser = "select(*)from Table where [UserName] = '"+TextBoxUsername.Text+ "'";
Line 19: SqlCommand com = new SqlCommand(checkuser, conn);
Line 20: int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
Line 21: if(temp == 1)
Line 22: {
Hello folks, I have encountered this error which says "An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code
Additional information: Incorrect syntax near '*'. " and its pointing towards Line 20.
I'm a beginner ,trying to learn Asp.net. Please help me out if anyone has a solution.
P.S : i also saw the other guy has same error, and i tried to change the code,but still have the same problem. Thanks in advance
What I have tried:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
public partial class Registration : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if(IsPostBack){
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString);
conn.Open();
string checkuser = "select(*)from Table where [UserName] = '"+TextBoxUsername.Text+ "'";
SqlCommand com = new SqlCommand(checkuser, conn);
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
if(temp == 1)
{
Response.Write("User already exists");
}
conn.Close();
}
}
protected void Button1_Click(object sender, EventArgs e)
{
try{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString);
conn.Open();
string insertQuery = "insert into Table (UserName,Email,Password,Country) values (@Uname,@email,@password,@country)";
SqlCommand com = new SqlCommand(insertQuery, conn);
com.Parameters.AddWithValue("@Uname", TextBoxUsername.Text);
com.Parameters.AddWithValue("@email", TextBoxEmailid.Text);
com.Parameters.AddWithValue("@password", TextBoxpassword.Text);
com.Parameters.AddWithValue("@country", DropDownListCountries.SelectedItem.ToString());
com.ExecuteNonQuery();
Response.Redirect("Manager.aspx");
Response.Write("Registration is successful");
conn.Close();
}
catch(Exception ex){
Response.Write("Error :" +ex.ToString());
}
}
}
推荐答案
可能是数据库表的名称:TABLE是一个SQL保留的单词,这可能会使SQL命令解析器感到困惑。
最好的解决方案是:不要将表调用为表,因为它不是它包含的描述性名称。称之为学生,客户或用户。
最糟糕的解决方案是:用方括号括起保留字:SELECT * FROM [Table]而不是SELECT * FROM Table
但是......不要这样做像那样!永远不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。请改用参数化查询。当您查看注册页面或登录页面时,这绝对是至关重要的,因为连接允许未登录的用户完全控制您的数据库......
Probably, it the name of your database table:TABLEis an SQL reserved word and that is probably confusing the SQL command parser.
The best solution is: don't call your table "Table" as it's not a descriptive name for what it contains. Call it "Students", or "Customers", or "Users".
The worst solution is: surround the reserved word with square brackets:SELECT * FROM [Table]instead ofSELECT * FROM Table
But ... Don;t do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. This is absolutely critical when you are looking at registration or login pages as concatenation allows non-logged in users full control of your database ...
试试这个:
string checkuser =从[Table]中选择COUNT(*),其中[UserName] ='+ TextBoxUsername.Text +';
SqlCommand com = new SqlCommand(checkuser,conn);
if(Convert.ToInt32(com.ExecuteScalar())== 1)
{...
Try this:
string checkuser = "select COUNT(*) from [Table] where [UserName] = '"+TextBoxUsername.Text+ "'";
SqlCommand com = new SqlCommand(checkuser, conn);
if (Convert.ToInt32(com.ExecuteScalar()) == 1)
{...
这篇关于如何摆脱此错误并成功保存数据库中的详细信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
