C# Incorrect syntax near the keyword 'select'
I get an error when trying to use this code in Visual Studio. Can anyone help me?
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
namespace mywebsite
{
    public partial class myregistration : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if(IsPostBack)
            {
                SqlConnection Conn = new SqlConnection(ConfigurationManager.ConnectionStrings["Registration1ConnectionString"].ConnectionString);
                Conn.Open();
                string checkuser = " Select count(*) from [userdata] where UserName='" + TextBoxuname.Text + "' ";
                SqlCommand com = new SqlCommand(checkuser, Conn);
                int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
                if (temp == 1)
                {
                    Response.Write(" User Already Exists ");
                }
                Conn.Close();
            }
        }
        protected void Button1_Click1(object sender, EventArgs e)
        {
            try
            {
                SqlConnection Conn = new SqlConnection(ConfigurationManager.ConnectionStrings["Registration1ConnectionString"].ConnectionString);
                Conn.Open();
                string insertQuery = "insert into userdata (UserName,Password,Email,select country) values (@Uname ,@Password ,@email ,@Country)";
                SqlCommand com = new SqlCommand(insertQuery, Conn);
                com.Parameters.AddWithValue("@Uname", TextBoxuname.Text);
                com.Parameters.AddWithValue("@Password", TextBoxpass.Text);
                com.Parameters.AddWithValue("@email", TextBoxemail.Text);
                com.Parameters.AddWithValue("@Country", DropDownListselectcountry.SelectedItem.ToString());
                com.ExecuteNonQuery();
                Response.Redirect("manager.aspx");
                Response.Write("Resgistration is Successfull");
                Conn.Close();
            }
            catch(Exception ex)
            {
                Response.Write("Error:" + ex.ToString());
            }
        }
    }
}
Error:
Error:System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'select'. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.TdsParser.TdsParser.runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject StateObject at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior RunBehavior, String ResetOptionString) at System.Data.SqlClient.SqlCommand.RunExecuteReaderDs(CommandBehavior cmdBehavior, RunBehavior RunBehavior, Boolean returnStream, Boolean async) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior RunBehavior, Boolean returnStream, String method, DBAsyncResult result) at System.Data.SqlClient.SqlCommand.InternalExecuteOnQuery(DBAsyncResult result, String methodName, Boolean sendToPipe) at System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at mywebsite.myregistration.Button1_Click1(Object sender, EventArgs e) in c:\Users\Rahul\Documents\Visual Studio 2008\Projects\Project1\mywebsite\myregistration.aspx.cs:line 50
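It shows the error on line 50, i.e. com.ExecuteNonQuery();
If I remove it from the code, the record is not inserted into the database, so please suggest what I have to do with the code.

Try this: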
string checkuser = "Select count(*) from [userdata] where UserName='" + TextBoxuname.Text + "' ";
i.e., remove the space before Select.
Also try this:
string insertQuery = "insert into userdata (UserName,Password,Email,select country) values (@Uname ,@Password ,@email ,@Country)";
Side note:
Don't use string concatenation; try using a parameterized query instead.

string insertQuery = "insert into userdata (UserName,Password,Email,select country) values (@Uname ,@Password ,@email ,@Country)";
I think you need to remove the word select. I wouldn't use inline SQL like this. It is bad practice and open to SQL injection. Please use something like this:
// The using blocks dispose the connection and command even if the query throws
using (SqlConnection Conn = new SqlConnection(ConfigurationManager.ConnectionStrings["Registration1ConnectionString"].ConnectionString))
{
    Conn.Open();
    using (SqlCommand cmd = Conn.CreateCommand())
    {
        cmd.CommandText = "select count(*) from [userdata] where UserName=@username";
        // AddWithValue takes the parameter name and the value
        cmd.Parameters.AddWithValue("@username", TextBoxuname.Text);
        int temp = (int)cmd.ExecuteScalar();
        if (temp.Equals(1))
        {
            Response.Write(" User Already Exists ");
        }
    }
}

This is because select is a keyword and your column name has a space in it. Write this query instead:
string insertQuery = "insert into userdata (UserName,Password,Email, [select country]) values (@Uname ,@Password ,@email ,@Country)";
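Throughout your application you should use parameterized queries, as you do in the second query, rather than constructing queries by concatenating strings.

Why is there select country in the second statement?

Parameterized queries are very easy in C#. Don't do this string concatenation nonsense; you are actually doing it in the second query.

Glad, no problem.

Don't forget to parameterize the other query as follows:

I downvoted it because it doesn't answer the question. This is not what the OP asked, though they really should parameterize their queries.

Also, the OP already knows how to parameterize queries, because the second query already does it correctly, and others have already commented on the need to do so. This answer is useless.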
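
Both fixes from the answers above, combined in one place: the user-name check parameterized and the `[select country]` column bracket-quoted. This is an added example, not code from any of the posts; the class name `UserDataQueries`, the `Open` helper and the `nvarchar` sizes are assumptions, and explicit `SqlParameter` types are used in place of `AddWithValue`.

```csharp
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper class (not from the original posts).
public static class UserDataQueries
{
    private static SqlConnection Open()
    {
        SqlConnection conn = new SqlConnection(
            ConfigurationManager.ConnectionStrings["Registration1ConnectionString"].ConnectionString);
        conn.Open();
        return conn;
    }

    // The user name is sent as a typed parameter, so an apostrophe in it
    // (for example O'Brien) cannot change the structure of the statement.
    public static bool UserExists(string userName)
    {
        using (SqlConnection conn = Open())
        using (SqlCommand cmd = new SqlCommand(
            "select count(*) from [userdata] where UserName = @Uname", conn))
        {
            // Assumed column type: nvarchar(50)
            cmd.Parameters.Add("@Uname", SqlDbType.NVarChar, 50).Value = userName;
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    // [select country] must be bracket-quoted: the column name contains a
    // space and begins with the reserved keyword select.
    public static void InsertUser(string userName, string password, string email, string country)
    {
        const string sql =
            "insert into [userdata] (UserName, Password, Email, [select country]) " +
            "values (@Uname, @Password, @Email, @Country)";
        using (SqlConnection conn = Open())
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Sizes below are assumed; match them to the real table definition.
            cmd.Parameters.Add("@Uname", SqlDbType.NVarChar, 50).Value = userName;
            cmd.Parameters.Add("@Password", SqlDbType.NVarChar, 50).Value = password;
            cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 100).Value = email;
            cmd.Parameters.Add("@Country", SqlDbType.NVarChar, 50).Value = country;
            cmd.ExecuteNonQuery();
        }
    }
}
```

Page_Load would call `UserDataQueries.UserExists(TextBoxuname.Text)` and Button1_Click1 would call `UserDataQueries.InsertUser(...)` with the same control values the question already passes.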