C# 尝试访问数据库C asp.net时,源附近出现语法错误
这应该检查Users.mdf数据库中用户名的occorance数。但是当它点击ExecuteOnQuery时,我在源运行时错误附近得到了一个语法错误。我找不到任何错误。。。请帮助:您的格式化sql语句未包含用户名分隔符:C# 尝试访问数据库C asp.net时,源附近出现语法错误,c#,asp.net,sql,C#,Asp.net,Sql,这应该检查Users.mdf数据库中用户名的occorance数。但是当它点击ExecuteOnQuery时,我在源运行时错误附近得到了一个语法错误。我找不到任何错误。。。请帮助:您的格式化sql语句未包含用户名分隔符: string databaseLocation = "|DataDirectory|\\Users.mdf"; string connectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=" + databaseL
string databaseLocation = "|DataDirectory|\\Users.mdf";
string connectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=" + databaseLocation + ";Integrated Security=True;User Instance=True";
SqlConnection sqlConnection = new SqlConnection(connectionString);
SqlCommand command = new SqlCommand();
command.CommandText = String.Format("SELECT * FROM Users WHERE Username = {0}", username);
command.CommandType = CommandType.Text;
command.Connection = sqlConnection;
sqlConnection.Open();
int numberOfRows = command.ExecuteNonQuery();
sqlConnection.Close();
return numberOfRows;
将命令文本设置为类似以下内容:
command.CommandText = String.Format("SELECT * FROM Users WHERE Username = {0}", username);
这很容易纠正,但最好使用SqlParameter:
此外,ExecuteOnQuery将为受影响的行数返回-1,因为select不影响行。相反,你应该:
command.CommandText = "SELECT * FROM Users WHERE Username = @username");
command.Parameters.AddWithValue("@username", username);
您的代码应该是:
command.CommandText = "SELECT COUNT(*) FROM Users WHERE Username = @username");
command.Parameters.AddWithValue("@username", username);
...
int numberOfRows = (int)command.ExecuteScalar();
应该吗?查询返回用户名匹配的所有行-您希望选择COUNT*作为numInstances。。。因此,您可以引用列别名来获取值…但我认为ExecuteOnQuery会计算结果数,因此我不需要计算*?您还使用String.Format来替换用户名。除了这是个坏主意之外,还应该使用命令参数,它很可能会生成语法错误,因为WHERE子句中的用户名应该用单引号括起来,因为用户名可能是字符串列。当我进行这些更改时,会出现以下错误:数据类型text和nvarchar在equal to运算符中不兼容。@vbman11好的,用户名列是text。将其更改为适当大小的nvarchar列。@adrift-hey-nvarchar有效!谢谢但是如果我想使用文本类型怎么办?@vbman11,文本不适合这样的列-它打算用于存储多达20亿个字符的文本数据。它也不推荐使用,请参见。您可以在有意义的地方使用nvarcharmax,而不是本专栏。
command.CommandText = "SELECT COUNT(*) FROM Users WHERE Username = @username");
command.Parameters.AddWithValue("@username", username);
...
int numberOfRows = (int)command.ExecuteScalar();
string databaseLocation = "|DataDirectory|\\Users.mdf";
string connectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=" + databaseLocation + ";Integrated Security=True;User Instance=True";
SqlConnection sqlConnection = new SqlConnection(connectionString);
SqlCommand command = new SqlCommand();
command.CommandText = "SELECT COUNT(*) FROM Users WHERE Username = @User";
command.CommandType = CommandType.Text;
command.Parameters.AddWithValue("@User",username);
command.Connection = sqlConnection;
sqlConnection.Open();
int numberOfRows = command.ExecuteScalar();
sqlConnection.Close();
return numberOfRows;