当按下“注册”按钮时,Visual Studio 2012 在 SQL 语句中给我一个错误
sqlValidate = "SELECT * FROM users where username=" + txtUsername.Text.ToString
错误是:
列名“cdarwin”无效
其中 ' cdarwin
' 是输入的用户名txtUsername
。
谁能告诉我怎么了?
这是子的完整代码:
Public Sub register()
Dim Username As String = txtUsername.Text
Dim Surname As String = txtSurname.Text
Dim Password As String = txtPassword.Text
Dim Name As String = txtName.Text
Dim Address1 As String = txtAddress1.Text
Dim Address2 As String = txtAddress2.Text
Dim City As String = txtCity.Text
Dim Email As String = txtEmail.Text
Dim Country As String = drpCountry.Text
Dim DOB As Date = calDOB.SelectedDate
Dim Occupation As String = txtOccupation.Text
Dim WorkLocation As String = txtWorkLocation.Text
Dim Age As Integer = Date.Today.Year - calDOB.SelectedDate.Year
Dim ProjectManager As String = "N/A"
Dim TeamLeader As String = "N/A"
Dim TeamLeaderID As Integer = "1"
Dim ProjectManagerID As Integer = "1"
Dim RegistrationDate As Date = DateTime.Today
Dim ContractType As String = "N/A"
Dim ContractDuration As Integer = 6
Dim Department As String = "N/A"
Dim conn As New SqlConnection("Data Source=BRIAN-PC\SQLEXPRESS;Initial Catalog=master_db;Integrated Security=True")
Dim registerSQL As SqlCommand
Dim sqlComm As String
Dim validateSQL As SqlCommand
Dim sqlValidate As String
sqlValidate = "SELECT * FROM users where username=" + txtUsername.Text.ToString
sqlComm = "INSERT INTO users(Username, Password, Name, Surname, Address1, Address2, " +
"City, Country, date_of_birth, age, Occupation, department, work_location, " +
"project_manager,team_leader, team_leader_id, project_manager_id, " +
"date_registration, contract_type, contract_duration) " +
"VALUES(@p1, @p2,@p3,@p4,@p5,@p6,@p7,@p8,@p9,@p10,@p11,@p12,@p13,@p14,@p15," +
"@p16,@p17,@p18,@p19,@p20)"
conn.Open()
validateSQL = New SqlCommand(sqlValidate, conn)
Dim dr As SqlDataReader = validateSQL.ExecuteReader()
If dr.HasRows = False Then
dr.Close()
registerSQL = New SqlCommand(sqlComm, conn)
registerSQL.Parameters.AddWithValue("@p1", Username)
registerSQL.Parameters.AddWithValue("@p2", Password)
registerSQL.Parameters.AddWithValue("@p3", Name)
registerSQL.Parameters.AddWithValue("@p4", Surname)
registerSQL.Parameters.AddWithValue("@p5", Address1)
registerSQL.Parameters.AddWithValue("@p6", Address2)
registerSQL.Parameters.AddWithValue("@p7", City)
registerSQL.Parameters.AddWithValue("@p8", Country)
registerSQL.Parameters.AddWithValue("@p9", DOB)
registerSQL.Parameters.AddWithValue("@p10", Age)
registerSQL.Parameters.AddWithValue("@p11", Occupation)
registerSQL.Parameters.AddWithValue("@p12", Department)
registerSQL.Parameters.AddWithValue("@p13", WorkLocation)
registerSQL.Parameters.AddWithValue("@p14", ProjectManager)
registerSQL.Parameters.AddWithValue("@p15", TeamLeader)
registerSQL.Parameters.AddWithValue("@p16", TeamLeaderID)
registerSQL.Parameters.AddWithValue("@p17", ProjectManagerID)
registerSQL.Parameters.AddWithValue("@p18", RegistrationDate)
registerSQL.Parameters.AddWithValue("@p19", ContractType)
registerSQL.Parameters.AddWithValue("@p20", ContractDuration)
registerSQL.ExecuteNonQuery()
conn.Close()
ElseIf dr.HasRows = True Then
lblUsername.Text = "That Username (" + txtUsername.Text + ") is already registered/taken."
lblUsername.Visible = True
conn.Close()
End If
End Sub