0

当我运行程序时.exception“必须声明标量变量@password12”
通过.even我使用断点来检查这个参数变量的值。它是正确的
。但我不知道问题出在哪里???

 code:
         public DataSet showoption1(seter set)
            {


                string sql = "SELECT   menue.menuename,roleid, [right].rightname,
      role.rolename, employee.employeename, employee.password FROM  [right] INNER JOIN 
      permission ON [right].rightid = permission.rightid INNER JOIN  role ON    
     permission.roleid = role.roleid INNER JOIN emp_men INNER JOIN employee ON 

    emp_men.employeeid = employee.employeeid ON role.roleid = employee.roleid INNER JOIN
    menue ON emp_men.menueid = menue.menueid where employee.employeenamee=@username AND    
   employee.password=@password12 ";


                SqlCommand cmd = new SqlCommand(sql, con);
                cmd.Parameters.AddWithValue("@username",set.Username);
                cmd.Parameters.AddWithValue("@pasword12",set.Password);
                SqlDataAdapter adptr = new SqlDataAdapter(cmd);

                DataSet ds = new DataSet();
                adptr.Fill(ds);
               int id=  Convert.ToInt32( ds.Tables[2].Rows[0]["rooleid"]);

          st.Username=  Convert.ToString(ds.Tables[2].Rows[id]["roolename"]);

                adptr.Dispose();

                return ds;

            }
4

1 回答 1

3

错字:

cmd.Parameters.AddWithValue("@pasword12",set.Password);

应该

cmd.Parameters.AddWithValue("@password12",set.Password);

下一项工作:去用哈希替换密码,按帐户加盐。不完全是。存储实际密码是一个非常糟糕的主意。

于 2012-06-15T11:07:07.007 回答