Warning: file_get_contents(/data/phpspider/zhask/data//catemap/7/css/32.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Html 在asp.net中连接数据库和读取数据_Html_Css_Asp.net_Sql Server - Fatal编程技术网
Fatal编程技术网
  • html/
  • Html 在asp.net中连接数据库和读取数据

Html 在asp.net中连接数据库和读取数据

html css asp.net sql-server

Html 在asp.net中连接数据库和读取数据,html,css,asp.net,sql-server,Html,Css,Asp.net,Sql Server,我做错了什么?我得到一个错误: 附近语法不正确= 在这一行代码中: Dim SqlDataReader As SqlClient.SqlDataReader = SQLCommad.ExecuteReader() 我的代码: Dim Username = TUserName.Text Dim Password = TPassword.Text Dim SqlConnection = New SqlClient.SqlConnection(My.Settings.DBConnection.To

我做错了什么?我得到一个错误:

附近语法不正确=

在这一行代码中:

Dim SqlDataReader As SqlClient.SqlDataReader = SQLCommad.ExecuteReader()
我的代码:

Dim Username = TUserName.Text
Dim Password = TPassword.Text

Dim SqlConnection = New SqlClient.SqlConnection(My.Settings.DBConnection.ToString)
Dim SQLCommand = New SqlClient.SqlCommand("select * from " + My.Settings.TableName.ToString + "Where EmpID = " + Username, SqlConnection)
SqlConnection.Open()

Dim SqlDataReader As SqlClient.SqlDataReader = SQLCommand.ExecuteReader

While (SqlDataReader.Read)
      If Username = SqlDataReader(1).ToString And Password = SqlDataReader(20).ToString Then
         If eEncrypt(Username, Password) Then
            MsgBox("You are NOT logged in")
         Else
            MsgBox("You are logged in")
         End If
      End If
End While

SqlConnection.Close()
你错过了括号

Dim SqlDataReader As SqlClient.SqlDataReader = SQLCommad.ExecuteReader()
这行代码

Dim SQLCommand=New SqlClient.SQLCommand(“从“+My.Settings.TableName.ToString+”中选择*,其中EmpID=“+Username,SqlConnection”)

应该是

Dim SQLCommand=New SqlClient.SQLCommand(“从“+My.Settings.TableName.ToString+”中选择*,其中EmpID=”“+Username+”,SqlConnection)

从手机上发布。

这应该有效,请参见如何添加参数表

Dim Username = TUserName.Text
Dim Password = TPassword.Text

Dim SqlConnection = New SqlClient.SqlConnection(My.Settings.DBConnection.ToString)
Dim SQLCommand = New SqlClient.SqlCommand("select * from " + My.Settings.TableName.ToString + "Where EmpID = @Username", SqlConnection)

SQLCommand.Parameters.AddWithValue("@Username", Username)
SqlConnection.Open()

Dim SqlDataReader As SqlClient.SqlDataReader = SQLCommand.ExecuteReader()

While (SqlDataReader.Read)
      If Username = SqlDataReader(1).ToString And Password = SqlDataReader(20).ToString Then
         If eEncrypt(Username, Password) Then
            MsgBox("You are NOT logged in")
         Else
            MsgBox("You are logged in")
         End If
      End If
End While

SqlConnection.Close()
是的,没错same@PieterdeVries我现在很困惑。编译前或运行时出错?你能用@Horaciux代码更新你的帖子吗?它会导致
完全相同的
错误。
用户名是一个文本,你不能在SQL上用“``扭曲它,除此之外,您的代码还可以进行SQL注入。
MsgBox
在asp.NET上不起作用。这将修复错误,但您需要使用SQL参数
New SqlClient.SqlCommand(“select*from”+My.Settings.TableName.ToString+,其中EmpID=“+Username+”,SqlConnection)
(在何处添加`和额外空格)