我是用的ASP。NET 做的啊!
我有两个TABLE,一个是SG,一个是MD;它出现的错误是:
{"语法错误 (操作符丢失) 在查询表达式 ''111' username='li'' 中。" } 请问下,前面一直没有错误,就执行到catch(Exception ex)时,开始出现错误,我总觉得是不是UPDATE语句错了,那该怎么搞啊!高手请教下: public class dengru : System.Web.UI.Page
{
protected System.Web.UI.HtmlControls.HtmlInputHidden step;
protected System.Web.UI.HtmlControls.HtmlTable sg;
protected System.Web.UI.HtmlControls.HtmlInputText uid;
protected System.Web.UI.HtmlControls.HtmlInputText psw;
protected System.Web.UI.HtmlControls.HtmlTable md;
protected internal System.Data.OleDb.OleDbCommand upd;
protected System.Data.OleDb.OleDbDataAdapter da;
protected System.Data.OleDb.OleDbConnection cnn;
protected System.Data.OleDb.OleDbCommand oleDbSelectCommand1;
protected System.Data.OleDb.OleDbCommand oleDbInsertCommand1;
protected System.Data.OleDb.OleDbCommand oleDbUpdateCommand1;
protected System.Data.OleDb.OleDbCommand oleDbDeleteCommand1;
protected System.Web.UI.HtmlControls.HtmlInputText uid1;
private void Page_Load(object sender, System.EventArgs e)
{
// 在此处放置用户代码以初始化页面
if(!this.IsPostBack)
{
sg.Visible=true;
md.Visible=false;
return;
}
string s=this.Request.Form["step"];
switch(s)
{
case "1":
{
string uid=this.Request.Form["uid"].Replace("'","").Replace ("\'","");
string psw=this.Request.Form["psw"].Replace("'","").Replace("\'","");
da.SelectCommand.Parameters["userid"].Value=uid;
da.SelectCommand.Parameters["password"].Value=psw;
DataTable dt=new DataTable();
da.Fill(dt);
if(dt.Rows.Count==1)
{
step.Value="2";
sg.Visible=false;
md.Visible=true;
uid1.Value=dt.Rows[0]["userid"].ToString();
}
else
{
this.Response.Write("密码错误!请重新注册!");
}
}
break;
case "2":
{
try
{
string psw1=this.Request.Form["psw1"];
string unm=this.Request.Form["unm"];
string uid1=this.Request.Form["uid1"];
//修改密码,但是不成功!
upd.CommandText=@"update [user] set [password]='"+psw1+@"' username='"+unm+@"' where userid='"+uid1+@"'";
upd.Connection=cnn;
cnn.Open();
int ok=0;
try
{
ok=upd.ExecuteNonQuery ();
}
catch(Exception ex)
{
if(ex.Message==null)
{
}
}
if(ok==1)
{
this.Response.Write("success");
}
else
{
this.Response.Write("登录成功!是否要修改密码?");
}
}
finally
{
cnn.Close();
}
}
break;
}
}
我有两个TABLE,一个是SG,一个是MD;它出现的错误是:
{"语法错误 (操作符丢失) 在查询表达式 ''111' username='li'' 中。" } 请问下,前面一直没有错误,就执行到catch(Exception ex)时,开始出现错误,我总觉得是不是UPDATE语句错了,那该怎么搞啊!高手请教下: public class dengru : System.Web.UI.Page
{
protected System.Web.UI.HtmlControls.HtmlInputHidden step;
protected System.Web.UI.HtmlControls.HtmlTable sg;
protected System.Web.UI.HtmlControls.HtmlInputText uid;
protected System.Web.UI.HtmlControls.HtmlInputText psw;
protected System.Web.UI.HtmlControls.HtmlTable md;
protected internal System.Data.OleDb.OleDbCommand upd;
protected System.Data.OleDb.OleDbDataAdapter da;
protected System.Data.OleDb.OleDbConnection cnn;
protected System.Data.OleDb.OleDbCommand oleDbSelectCommand1;
protected System.Data.OleDb.OleDbCommand oleDbInsertCommand1;
protected System.Data.OleDb.OleDbCommand oleDbUpdateCommand1;
protected System.Data.OleDb.OleDbCommand oleDbDeleteCommand1;
protected System.Web.UI.HtmlControls.HtmlInputText uid1;
private void Page_Load(object sender, System.EventArgs e)
{
// 在此处放置用户代码以初始化页面
if(!this.IsPostBack)
{
sg.Visible=true;
md.Visible=false;
return;
}
string s=this.Request.Form["step"];
switch(s)
{
case "1":
{
string uid=this.Request.Form["uid"].Replace("'","").Replace ("\'","");
string psw=this.Request.Form["psw"].Replace("'","").Replace("\'","");
da.SelectCommand.Parameters["userid"].Value=uid;
da.SelectCommand.Parameters["password"].Value=psw;
DataTable dt=new DataTable();
da.Fill(dt);
if(dt.Rows.Count==1)
{
step.Value="2";
sg.Visible=false;
md.Visible=true;
uid1.Value=dt.Rows[0]["userid"].ToString();
}
else
{
this.Response.Write("密码错误!请重新注册!");
}
}
break;
case "2":
{
try
{
string psw1=this.Request.Form["psw1"];
string unm=this.Request.Form["unm"];
string uid1=this.Request.Form["uid1"];
//修改密码,但是不成功!
upd.CommandText=@"update [user] set [password]='"+psw1+@"' username='"+unm+@"' where userid='"+uid1+@"'";
upd.Connection=cnn;
cnn.Open();
int ok=0;
try
{
ok=upd.ExecuteNonQuery ();
}
catch(Exception ex)
{
if(ex.Message==null)
{
}
}
if(ok==1)
{
this.Response.Write("success");
}
else
{
this.Response.Write("登录成功!是否要修改密码?");
}
}
finally
{
cnn.Close();
}
}
break;
}
}
upd.CommandText=@"update [user] set [password]='"+psw1+@"' username='"+unm+@"' where userid='"+uid1+@"'";
这就是我的UPDATE语句啊!有没错啊!
SELECT [password] AS Expr1, userid AS Expr2, [password], userid, username FROM [user] WHERE ([password] = ?) AND (userid = ?)
谢啦!