表格名称附近的C#语法错误 [英] C# Syntax Error Near Table Name
问题描述
尝试检查C#中3层项目的登录凭据时遇到问题.
I am having some problem when trying to check login credential for 3-tier project in C#.
当前,我有一个名为User的表,其中包含userName和password列.
Currently, I have a table named User with userName and password columns.
在我的BusinessLogicLayer中,我得到用户输入并将其传递给dataAccessLayer:
In my BusinessLogicLayer, I get the user input and pass them to dataAccessLayer:
public string checkCredential(string userName, string password)
{
string returnMessage = "";
User user = new User(userName, password);
Boolean success = user.checkCredential();
if (!success)
{
returnMessage += "Username and password does not match!";
}
else
{
returnMessage = "";
}
return returnMessage;
}
在我的数据访问层中,我有一种方法来检查登录凭据:
In my Data Access Layer, I got a method to check for login creddential:
public Boolean checkCredential()
{
Boolean result = false;
using (var connection = new SqlConnection(FFTHDb.connectionString)) // get your connection string from the other class here
{
SqlCommand command = new SqlCommand("SELECT userName, password FROM User WHERE userName = '" + userName + "' AND password = '" + password + "'", connection);
connection.Open();
using (var dr = command.ExecuteReader())
{
if (dr.Read())
{
result = true;
}
}
}
return result;
}
然后我得到了一个单独的类来设置连接字符串:
And I got a separated class to set the connection string:
public static string connectionString = DataAccessLayer.Properties.Settings.Default.DBConnStr;
public static SqlDataReader executeReader(string query)
{
SqlDataReader result = null;
System.Diagnostics.Debug.WriteLine("FFTHDb executeReader: " + query);
SqlConnection connection = new SqlConnection(connectionString);
SqlCommand command = new SqlCommand(query, connection);
connection.Open();
result = command.ExecuteReader();
connection.Close();
return result;
}
没有编译错误.我仔细检查了数据库中的表名和列.但是,它只是一直告诉我用户附近有语法错误.我不知道为什么会这样.
There is no compilation errors. And I double checked for the table name and columns in database. However, it just keeps telling me that there is syntax error near User. I wonder why is it so.
谢谢.
推荐答案
User
是 保留关键字 .您应该将其与方括号(例如[User]
还使用 参数化查询 总是一个好习惯.
Also using parameterized queries always a good practice.
并且永远不要以纯文本形式存储密码!!请使用 SHA-512哈希.
这篇关于表格名称附近的C#语法错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!