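This article covers how to handle a troublesome SQL syntax error. It should be a useful reference for anyone solving the same problem; read on to work through it.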

Problem description

Below is my code. I am trying to get it to validate against the database.



Pass/Username = Admin

    using System.Data.SqlClient;
    using System.Windows;

    /// <summary>
    /// Interaction logic for MainWindow.xaml
    /// </summary>
    public partial class MainWindow : Window
    {
        public MainWindow()
        {
            InitializeComponent();
        }

        private void main_B_Signup_Click(object sender, RoutedEventArgs e)
        {
            RegWindow rWindow = new RegWindow();
            rWindow.Show();
            this.Close();
        }

        private void main_B_login_Click(object sender, RoutedEventArgs e)
        {
            // connect to the database
            SqlConnection loginConn = new SqlConnection("server=localhost;" + "Trusted_Connection=yes;" + "database=Production;" + "connection timeout=30");

            SqlCommand cmd = new SqlCommand("Select * from User where Username='" + this.Main_T_Username.Text + "' and Password='" + this.Main_T_Password.Text + "';", loginConn);
            //SqlCommand cmd = new SqlCommand("Select * from User where Username='@Username' and Password='@Password';", loginConn);
            //cmd.Parameters.Add(new SqlParameter("Username", this.Main_T_Username.Text));
            //cmd.Parameters.Add(new SqlParameter("Password", this.Main_T_Password.Text));

            loginConn.Open();
            SqlDataReader rdr = cmd.ExecuteReader();
            string username = null;

            if (rdr.HasRows)
            {
                while (rdr.Read())
                {
                    username = rdr["Username"].ToString();
                }

                loginConn.Close();

                MessageBox.Show("Well done!");
            }
            else
            {
                MessageBox.Show("WrongPass!");
                loginConn.Close();
            }
        }
    }

But the error I get is near the keyword User




But the table is called User and there are columns Username and Password

Pic Of Database

Solution

"User" is a reserved word in SQL Server. To use it as an identifier for a schema object, surround it with square braces:

SELECT * FROM [User]

It's generally good practice to do this with schema object identifiers anyway. It makes them more explicit in the query.

Additionally, you are:

  • directly concatenating user input as executable code, which is a SQL injection vulnerability. Use query parameters instead.
  • storing user passwords as plain text, which is grossly irresponsible to your users. User passwords should be obscured with a one-way hash and should never be retrievable.
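The three points of the answer combined in one login check, as an added example that is not part of the original answer or the asker's code. The LoginCheck class, the PasswordSalt and PasswordHash columns and the PBKDF2 settings are assumptions made for illustration; it targets .NET Core 3.0 or later with the System.Data.SqlClient package.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

static class LoginCheck   // hypothetical helper, not from the page
{
    // Assumed PBKDF2 settings for this example, not taken from the page.
    const int Iterations = 600_000;
    const int HashBytes = 32;

    // One-way hash: PBKDF2-HMAC-SHA256 over the password with a per-user random salt.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
        {
            return kdf.GetBytes(HashBytes);
        }
    }

    public static bool VerifyLogin(string connectionString, string username, string password)
    {
        // [User] is bracketed because USER is a reserved word in SQL Server.
        // PasswordSalt and PasswordHash are hypothetical NOT NULL varbinary columns
        // that replace the plain-text Password column.
        const string sql =
            "SELECT PasswordSalt, PasswordHash FROM [User] WHERE Username = @Username;";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // The value is sent as data; @Username is not wrapped in quotes in the SQL text.
            cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 256).Value = username;
            conn.Open();

            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                if (!rdr.Read())
                    return false; // no such user

                byte[] salt = (byte[])rdr["PasswordSalt"];
                byte[] stored = (byte[])rdr["PasswordHash"];
                byte[] candidate = HashPassword(password, salt);

                // Constant-time comparison does not reveal how many bytes matched.
                return CryptographicOperations.FixedTimeEquals(candidate, stored);
            }
        }
    }
}
```

At sign-up, the same HashPassword call with a fresh random salt of at least 8 bytes produces the two values to store.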
