How to solve Syntax error (missing operator) in query expression '(Username ='aa') = (Password'aa')'.


Problem description


Hey guys, I'm new to programming and I have started a login system using an Access database, but I'm getting a syntax error. I searched a lot on the internet but am not getting how to solve it, please help...
My code is

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.OleDb;

namespace Final
{
    public partial class Login : Form
    {
        private OleDbConnection connection = new OleDbConnection();
        public Login()
        {
            InitializeComponent();
            connection.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\SunilK\Desktop\Final\Final\DB\Login.accdb;
Persist Security Info=False;";
        }

        private void Login_Load(object sender, EventArgs e)
        {
            try
            {
                connection.Open();

                CHKConn.Text = "Connected Sucessfully";

                connection.Close();
            }
            catch (Exception snk)
            {
                MessageBox.Show("Error  " + snk);
            }
        }

        private void textBox2_TextChanged(object sender, EventArgs e)
        {

        }

        private void btnLogin_Click(object sender, EventArgs e)
        {
            connection.Open();

            OleDbCommand command = new OleDbCommand();
            command.Connection = connection;
            command.CommandText = "select count(*) from [LoginDB] where (Username ='" + txtUsername.Text + "') = (Password'" + txtPassword.Text + "')";

            OleDbDataReader reader = command.ExecuteReader();
            int count = 0;
            while (reader.Read())
            {
                count = count + 1;
            }

            if (count == 1)
            {
                MessageBox.Show("Login Sucessfully");
            }
            else
            {
                MessageBox.Show("Login unSucessfully");
            }
            connection.Close();
        }
    }
}



Thanks in advance for your help

Solution

Because you're not using parameterized queries your result SQL statement looks like this:

select count(*) from [LoginDB] where (Username ='username') = (Password'password')


See anything wrong with that statement?

Because of the string concatenation stuff you're not seeing the problem in your code. Use parameterized queries instead and the code becomes much easier to read.

CommandText = "Select COUNT(*) FROM [LoginDB] WHERE Username = @username AND Password = @password";



Google for "C# Parameterized Queries" for a lot more discussion and examples.

Google for "SQL Injection" to find out why what you're currently doing is so insecure and dangerous.

Google for "How to store passwords" to find out why storing passwords in plain text is making your security problem even worse.


This line looks incorrect

command.CommandText = "select count(*) from [LoginDB] where (Username ='" + txtUsername.Text + "') = (Password'" + txtPassword.Text + "')";


try

command.CommandText = "select count(*) from [LoginDB] where (Username ='" + txtUsername.Text + "') AND (Password ='" + txtPassword.Text + "')";



[Edit]
Removed extra citation mark before Password
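
The parameterized query recommended in the first answer, written out for OleDb as an added example (it is not code from the original posts). The names `LoginCheck` and `CredentialsMatch` and the 255-character parameter size are assumptions; the table, columns and connection string are the ones in the question.

```csharp
using System;
using System.Data.OleDb;

static class LoginCheck
{
    // Connection string as given in the question; adjust the path for your machine.
    const string ConnectionString =
        @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\SunilK\Desktop\Final\Final\DB\Login.accdb;Persist Security Info=False;";

    // Hypothetical helper: true when exactly one row matches the credentials.
    public static bool CredentialsMatch(string username, string password)
    {
        // OleDb binds parameters by position, not by name, so the placeholders
        // are written as ? and the values are added in the same order.
        // [Password] is bracketed because PASSWORD is a reserved word in Access SQL.
        const string sql =
            "SELECT COUNT(*) FROM [LoginDB] WHERE [Username] = ? AND [Password] = ?";

        using (var connection = new OleDbConnection(ConnectionString))
        using (var command = new OleDbCommand(sql, connection))
        {
            // Size 255 is an assumption (the maximum for an Access Short Text column).
            command.Parameters.Add("@username", OleDbType.VarWChar, 255).Value = username;
            command.Parameters.Add("@password", OleDbType.VarWChar, 255).Value = password;

            connection.Open();

            // COUNT(*) always returns exactly one row, so counting reader rows
            // (as the question's loop does) would report 1 for any input.
            // Read the count itself with ExecuteScalar.
            int matches = Convert.ToInt32(command.ExecuteScalar());
            return matches == 1;
        }
    }

    static void Main()
    {
        // Constructed inputs. The apostrophe in the second user name is bound
        // as data, so it cannot unbalance the quotes in the statement text.
        Console.WriteLine(CredentialsMatch("aa", "aa"));
        Console.WriteLine(CredentialsMatch("O'Brien", "aa"));
    }
}
```

The comparison against a plain-text `Password` column is kept only because that is the schema in the question; the first answer's point about how passwords are stored is a separate change.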

