解析查询时出错。 [令牌行号= 1，令牌行偏移= 27，令牌错误=用户] [英] There was an error parsing the query. [ Token line number = 1,Token line offset = 27,Token in error = user ]

问题描述

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlServerCe;
namespace khtwa
{
    public partial class Form1 : Form
    {
        
        
        public Form1()
        {
            InitializeComponent();
        }
        string msg;

        
       
        SqlCeCommand cmd;
        DataSet ds = new DataSet();
        private void textBox1_TextChanged(object sender, EventArgs e)
        {

        }

        private void button1_Click(object sender, EventArgs e)
        {
            textBox1.Text = "";
                textBox2.Text="";

                this.Close();
        }

        private void button2_Click(object sender, EventArgs e)
        {
            string y = (Application.StartupPath + "\\font.sdf");
             SqlCeConnection con = new SqlCeConnection(@"Data Source=" + y);
             con.Open();
                if (textBox1.Text == "" || textBox2.Text == "")
                {
                    MessageBox.Show(" Enter UserName and Password .");
                    return;
                }

                cmd = new SqlCeCommand("SELECT * FROM login where user='" + textBox1.Text + "' and password='" + textBox2.Text + "'", con);
                SqlCeDataAdapter da = new SqlCeDataAdapter(cmd);
               
                da.Fill(ds);
                int i = ds.Tables[0].Rows.Count;
                if (i == 1)
                {
                    msg = "Welcome " + textBox1.Text;
                    this.Hide();
                    Form2 f2 = new Form2();
                    f2.Show();
                    ds.Clear();

                }
                else
                {
                    MessageBox.Show("Not Registered User or Invalid Name/Password");
                    textBox2.Text = "";
                }
            }
           


        }
    }

推荐答案

1。首先将SQL测试到SQL服务器中，也许你为字段或表名添加了错误的名称（可能是登录而不是 login ！？），使用与应用程序中相同的测试数据。所以你应该测试下一个SQL：

SELECT * FROM login其中user ='xxx'和password ='yyyy'



2.在您确定并更正上述测试中的错误后，您可以使用C＃代码进行更正;



3.您不应该将用户输入直接连接到SQL命令文本中，因为这可能会导致SQL注入攻击;你应该使用SQL参数（ @user 和 @password ）。

1.Test your SQL into the SQL server first and maybe you put a wrong name for a field, or for table name (could be logins and not login !?), by using the same test data as in your application. So you should test the next SQL:
SELECT * FROM login where user= 'xxx' and password = 'yyyy'

2.After you will identify and correct the errors in your test above, you will can make corrections in your C# code;

3.You should not sent concatenate the user inputs directly into your SQL command text, because this could lead to SQL injection attacks; you should use SQL parameters (@user and @password).

这篇关于解析查询时出错。 [令牌行号= 1，令牌行偏移= 27，令牌错误=用户]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！