asp.net - 运行选择语句的asp.net sql错误

Question

我按照 youtube 上的教程编写了登录和注册代码，但出现了错误。

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

public partial class Registration : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["earchConnectionString"].ConnectionString);
            con.Open();
            string cmdStr = "Select count(*) from user where UserName='" + TextBoxUN.Text + "'";
            SqlCommand userExist = new SqlCommand(cmdStr, con);
            int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
            con.Close();
            if (temp == 1)
            {
                Response.Write("User Name Already Exist....<br /> Please Choose Another User Name.");
            }
        }
        
    }
    protected void Submit_Click(object sender, EventArgs e)
    {
        /*if (IsPostBack)
        {
            Response.Write("You have successfully registered");
        }*/
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["earchConnectionString"].ConnectionString);
        con.Open();
        string insCmd = "Insert into user (UserName, Password, EmailAddress, FullName, level) values (@UserName,@Password,@EmailAddress, @FullName, @level)";
        SqlCommand insertUser = new SqlCommand(insCmd, con);
        insertUser.Parameters.AddWithValue("@UserName", TextBoxUN.Text);
        insertUser.Parameters.AddWithValue("@Password", TextBoxPass.Text);
        insertUser.Parameters.AddWithValue("@EmailAddress", TextBoxEA.Text);
        insertUser.Parameters.AddWithValue("@FullName", TextBoxFN.Text);
        insertUser.Parameters.AddWithValue("@level", level.SelectedItem.ToString());

        try
        {
            insertUser.ExecuteNonQuery();
            con.Close();
            Response.Redirect("Login.aspx");
        }
        catch (Exception er)
        {
            Response.Write("Something wrong");
        }
        finally
        {
            //Any Special Action You Want To Add
        }

    }
}

但有错误信息：

关键字“用户”附近的语法不正确。

说明：执行当前 Web 请求期间发生未处理的异常。> 请查看堆栈跟踪以获取有关错误及其来源的更多信息 > 代码。

异常详细信息：System.Data.SqlClient.SqlException：关键字“用户”附近的语法不正确。

源错误：

第 18 行：string cmdStr = "Select count(*) from user where UserName='" + TextBoxUN.Text + "'"; 第 19 行：SqlCommand userExist = new SqlCommand(cmdStr, con); 第 20 行：int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString()); 第 21 行：con.Close(); 第 22 行：如果（温度 == 1）

源文件：c:\inetpub\web1\Registration.aspx.cs 行：20

堆栈跟踪：

[SqlException (0x80131904): 关键字'user'附近的语法不正确。] System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) +2042118
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +5043644
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning() +234
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +2294
System.Data.SqlClient.SqlDataReader。消费MetaData() +33
System.Data.SqlClient.SqlDataReader.get_MetaData() +86
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +311
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) +987
System.Data.SqlClient .SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) +162
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +32 System.Data。 SqlClient.SqlCommand.ExecuteScalar() +139
Registration.Page_Load(Object sender, EventArgs e) in c:\inetpub\web1\Registration.aspx.cs:20
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35 System.Web.UI.Control。 OnLoad(EventArgs e) +91
System.Web.UI.Control.LoadRecursive() +74
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2207

有什么问题？

score 3 · Accepted Answer

用户是保留关键字。把它放在方括号里，你应该很好。

select count(*) from [user]

score 0 · Accepted Answer

将方括号与表名、列一起使用始终是一个好习惯。

此外，在查询中使用用户输入时使用 SqlParameters 以避免 SQL 注入。

asp.net - 运行选择语句的asp.net sql错误

2 回答 2

Related

Reference