解析查询时出错。 [令牌行号= 1,令牌行偏移= 27,令牌错误=用户] [英] There was an error parsing the query. [ Token line number = 1,Token line offset = 27,Token in error = user ]
本文介绍了解析查询时出错。 [令牌行号= 1,令牌行偏移= 27,令牌错误=用户]的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlServerCe;
namespace khtwa
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
string msg;
SqlCeCommand cmd;
DataSet ds = new DataSet();
private void textBox1_TextChanged(object sender, EventArgs e)
{
}
private void button1_Click(object sender, EventArgs e)
{
textBox1.Text = "";
textBox2.Text="";
this.Close();
}
private void button2_Click(object sender, EventArgs e)
{
string y = (Application.StartupPath + "\\font.sdf");
SqlCeConnection con = new SqlCeConnection(@"Data Source=" + y);
con.Open();
if (textBox1.Text == "" || textBox2.Text == "")
{
MessageBox.Show(" Enter UserName and Password .");
return;
}
cmd = new SqlCeCommand("SELECT * FROM login where user='" + textBox1.Text + "' and password='" + textBox2.Text + "'", con);
SqlCeDataAdapter da = new SqlCeDataAdapter(cmd);
da.Fill(ds);
int i = ds.Tables[0].Rows.Count;
if (i == 1)
{
msg = "Welcome " + textBox1.Text;
this.Hide();
Form2 f2 = new Form2();
f2.Show();
ds.Clear();
}
else
{
MessageBox.Show("Not Registered User or Invalid Name/Password");
textBox2.Text = "";
}
}
}
}
推荐答案
1。首先将SQL测试到SQL服务器中,也许你为字段或表名添加了错误的名称(可能是登录
而不是login
!?),使用与应用程序中相同的测试数据。所以你应该测试下一个SQL:
SELECT * FROM login其中user ='xxx'和password ='yyyy'
2.在您确定并更正上述测试中的错误后,您可以使用C#代码进行更正;
3.您不应该将用户输入直接连接到SQL命令文本中,因为这可能会导致SQL注入攻击;你应该使用SQL参数(@user
和@password
)。
1.Test your SQL into the SQL server first and maybe you put a wrong name for a field, or for table name (could belogins
and notlogin
!?), by using the same test data as in your application. So you should test the next SQL:
SELECT * FROM login where user= 'xxx' and password = 'yyyy'
2.After you will identify and correct the errors in your test above, you will can make corrections in your C# code;
3.You should not sent concatenate the user inputs directly into your SQL command text, because this could lead to SQL injection attacks; you should use SQL parameters (@user
and@password
).
这篇关于解析查询时出错。 [令牌行号= 1,令牌行偏移= 27,令牌错误=用户]的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文