Server Error in '/Bookersclient' Application.
--------------------------------------------------------------------------------
在关键字 'user' 附近有语法错误。
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: 在关键字 'user' 附近有语法错误。
Source Error:
Line 58: SqlCommand cmd = new SqlCommand(strcmd,conn);
Line 59: conn.Open();
Line 60: SqlDataReader sdr = cmd.ExecuteReader();
Line 61:
Line 62: while(sdr.Read())
Source File: c:\inetpub\wwwroot\bookersclient\index.aspx.cs Line: 60
Stack Trace:
[SqlException: 在关键字 'user' 附近有语法错误。]
System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream)
System.Data.SqlClient.SqlCommand.ExecuteReader()
BookersClient.Index.btn_login_Click(Object sender, EventArgs e) in c:\inetpub\wwwroot\bookersclient\index.aspx.cs:60
System.Web.UI.WebControls.Button.OnClick(EventArgs e)
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
System.Web.UI.Page.ProcessRequestMain() +1292
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
using System.Web.Security;

namespace BookersClient
{
    /// <summary>
    /// Summary description for Index.
    /// </summary>
    public class Index : System.Web.UI.Page
    {
        protected System.Web.UI.WebControls.TextBox txb_id;
        protected System.Web.UI.WebControls.TextBox txb_pwd;
        protected System.Web.UI.WebControls.Label Label1;
        protected System.Web.UI.WebControls.Button btn_login;

        private void Page_Load(object sender, System.EventArgs e)
        {
            // Put user code to initialize the page here
        }

        #region Web Form Designer generated code
        override protected void OnInit(EventArgs e)
        {
            //
            // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            //
            InitializeComponent();
            base.OnInit(e);
        }

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.btn_login.Click += new System.EventHandler(this.btn_login_Click);
            this.Load += new System.EventHandler(this.Page_Load);
        }
        #endregion

        private void btn_login_Click(object sender, System.EventArgs e)
        {
            string strconn="workstation id=VSY9X2EH00XUSNV;packet size=4096;integrated security=SSPI;data source=VSY9X2EH00XUSNV;persist security info=True;initial catalog=BookersDB";
            // Look up the stored password for the entered user name
            // (the query text is built by string concatenation).
            string strcmd="select userpwd from user where username='"+this.txb_id.Text.Trim()+"'";
            SqlConnection conn=new SqlConnection(strconn);
            SqlCommand cmd = new SqlCommand(strcmd,conn);
            conn.Open();
            SqlDataReader sdr = cmd.ExecuteReader();
            while(sdr.Read())
            {
                // Compare the entered password with the stored value
                if(this.txb_pwd.Text.Trim()==sdr["userpwd"].ToString())
                {
                    Response.Redirect("MainForm.aspx");
                }
                else
                {
                    // Message text: "Wrong password or no such user"
                    this.Label1.Text = "密码错误或不存在该用户";
                }
            }
            sdr.Close();
            conn.Close();
        }
    }
}
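For example: select * from [user] where ...
string strcmd="select userpwd from [user] where username='"+this.txb_id.Text.Trim()+"'";
There is also an injection vulnerability. Unless you absolutely have to, do not build SQL statements by concatenation; use query parameters instead, for example:
string strcmd="select userpwd from [user] where username=@username";
Then pass in the value of @username with a SqlParameter.
This kind of error is usually a spelling mistake or a keyword that is not wrapped in [].
user is a reserved word in the database.
t_user, t_date.
Here's 100 for you :)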
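An added example, not code from the original thread: the query-parameter approach recommended in the replies above, with the reserved word bracketed as [user]. The class and method names and the nvarchar(50) column size are assumptions; the table and column names are the ones in the posted code.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class LoginQuery
{
    // [user] is bracketed because USER is a reserved keyword in SQL Server;
    // the user name appears only as the @username placeholder.
    private const string Sql =
        "select userpwd from [user] where username=@username";

    // Builds the command. The text box value never becomes part of the SQL text.
    public static SqlCommand Build(SqlConnection conn, string username)
    {
        SqlCommand cmd = new SqlCommand(Sql, conn);
        // Assumption: username is an nvarchar(50) column; adjust to the real schema.
        cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username.Trim();
        return cmd;
    }

    // Same string comparison as the posted code, with connection and
    // command disposed even when an exception is thrown.
    public static bool PasswordMatches(string connectionString, string username, string password)
    {
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = Build(conn, username))
        {
            conn.Open();
            object stored = cmd.ExecuteScalar();   // null when no row matches
            return stored != null && stored != DBNull.Value
                && password.Trim() == stored.ToString();
        }
    }

    public static void Main()
    {
        // Constructed sample input containing a quote; no connection is opened here.
        using (SqlConnection conn = new SqlConnection())
        using (SqlCommand cmd = Build(conn, "O'Brien"))
        {
            Console.WriteLine(cmd.CommandText);                    // statement text, independent of input
            Console.WriteLine(cmd.Parameters["@username"].Value);  // value travels separately as data
        }
    }
}
```

In btn_login_Click, the call would be PasswordMatches(strconn, this.txb_id.Text, this.txb_pwd.Text), followed by the redirect or the error label.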