新人学习 求助 什么是列名Admin无效!
数据库里面 就两个字段 用户名 admin 密码 admin
protected void Page_Load(object sender, EventArgs e) {
}
protected void Button1_Click(object sender, EventArgs e)
{
string user = TextName.Text;
// string pwd = TextPwd.Text;
SqlConnection conn = new SqlConnection("Server=(local);database=OA_info;uid=sa;pwd=000000;");
conn.Open();
SqlCommand cmd = new SqlCommand("select * from Admin_user where UserName="+user, conn);// and UserPwd='+pwd
int cnt=(int)cmd.ExecuteScalar();
if(cnt==1)
{
Response.Redirect("up.aspx");
}
else
{
Response.Redirect("login.aspx");
}
}
一模一样的?
这里应该是select * from Admin_user where UserName=‘"+user+“’”吧
SqlCommand cmd = new SqlCommand("select * from Admin_user where UserName='"+user+"'", conn);// and UserPwd='+pwd
, conn);//
{
string user = TextName.Text;
string pwd = TextPwd.Text;
SqlConnection conn = new SqlConnection("Server=(local);database=OA_info;uid=sa;pwd=000000;");
conn.Open();
SqlCommand cmd = conn.CreateCommand();
cmd.CommandText = "select * from Admin_user where UserName=@username and UserPwd=@userpwd";
cmd.Parameters.AddWithValue("@username", user);
cmd.Parameters.AddWithValue("@userpwd", pwd);
int cnt=(int)cmd.ExecuteScalar();
if(cnt==1)
{
Response.Redirect("up.aspx");
}
else
{
Response.Redirect("login.aspx");
}
}
改成SqlCommand cmd = new SqlCommand("select * from Admin_user where UserName='"+user+"'", conn)
sql语句中的字符要加引号,要不会被当成列之类的对象处理