Html 在asp.net中连接数据库和读取数据
我做错了什么?我得到一个错误: 附近语法不正确= 在这一行代码中:Html 在asp.net中连接数据库和读取数据,html,css,asp.net,sql-server,Html,Css,Asp.net,Sql Server,我做错了什么?我得到一个错误: 附近语法不正确= 在这一行代码中: Dim SqlDataReader As SqlClient.SqlDataReader = SQLCommad.ExecuteReader() 我的代码: Dim Username = TUserName.Text Dim Password = TPassword.Text Dim SqlConnection = New SqlClient.SqlConnection(My.Settings.DBConnection.To
Dim SqlDataReader As SqlClient.SqlDataReader = SQLCommad.ExecuteReader()
我的代码:
Dim Username = TUserName.Text
Dim Password = TPassword.Text
Dim SqlConnection = New SqlClient.SqlConnection(My.Settings.DBConnection.ToString)
Dim SQLCommand = New SqlClient.SqlCommand("select * from " + My.Settings.TableName.ToString + "Where EmpID = " + Username, SqlConnection)
SqlConnection.Open()
Dim SqlDataReader As SqlClient.SqlDataReader = SQLCommand.ExecuteReader
While (SqlDataReader.Read)
If Username = SqlDataReader(1).ToString And Password = SqlDataReader(20).ToString Then
If eEncrypt(Username, Password) Then
MsgBox("You are NOT logged in")
Else
MsgBox("You are logged in")
End If
End If
End While
SqlConnection.Close()
你错过了括号
Dim SqlDataReader As SqlClient.SqlDataReader = SQLCommad.ExecuteReader()
这行代码
Dim SQLCommand=New SqlClient.SQLCommand(“从“+My.Settings.TableName.ToString+”中选择*,其中EmpID=“+Username,SqlConnection”)
应该是
Dim SQLCommand=New SqlClient.SQLCommand(“从“+My.Settings.TableName.ToString+”中选择*,其中EmpID=”“+Username+”,SqlConnection)
从手机上发布。这应该有效,请参见如何添加参数表
Dim Username = TUserName.Text
Dim Password = TPassword.Text
Dim SqlConnection = New SqlClient.SqlConnection(My.Settings.DBConnection.ToString)
Dim SQLCommand = New SqlClient.SqlCommand("select * from " + My.Settings.TableName.ToString + "Where EmpID = @Username", SqlConnection)
SQLCommand.Parameters.AddWithValue("@Username", Username)
SqlConnection.Open()
Dim SqlDataReader As SqlClient.SqlDataReader = SQLCommand.ExecuteReader()
While (SqlDataReader.Read)
If Username = SqlDataReader(1).ToString And Password = SqlDataReader(20).ToString Then
If eEncrypt(Username, Password) Then
MsgBox("You are NOT logged in")
Else
MsgBox("You are logged in")
End If
End If
End While
SqlConnection.Close()
是的,没错same@PieterdeVries我现在很困惑。编译前或运行时出错?你能用@Horaciux代码更新你的帖子吗?它会导致
完全相同的错误。用户名是一个文本,你不能在SQL上用“``扭曲它,除此之外,您的代码还可以进行SQL注入。MsgBox
在asp.NET上不起作用。这将修复错误,但您需要使用SQL参数New SqlClient.SqlCommand(“select*from”+My.Settings.TableName.ToString+,其中EmpID=“+Username+”,SqlConnection)
(在何处添加`和额外空格)