SQL Command.ExecuteReader vb.net
Original source: http://stackoverflow.com/questions/21339881/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Asked by user3232927
I am trying to use a login form with SQL Express 2012 and vb.net. I have the db connection; now I have the following problem: Incorrect syntax near '=' for the code: data = command.ExecuteReader. Any suggestions? Here is the code. Thanks!
Imports System.Data.SqlClient
Imports System.Data.OleDb

Public Class login
    Private Sub login_user_Click(sender As Object, e As EventArgs) Handles login_user.Click
        Dim conn As New SqlConnection
        If conn.State = ConnectionState.Closed Then
            conn.ConnectionString = ("Server=192.168.0.2;Database=Sunshinetix;User=sa;Password=sunshine;")
        End If
        Try
            conn.Open()
            Dim sqlquery As String = "SELECT = FROM Users Where Username = '" & username_user.Text & "';"
            Dim data As SqlDataReader
            Dim adapter As New SqlDataAdapter
            Dim command As New SqlCommand
            command.CommandText = sqlquery
            command.Connection = conn
            adapter.SelectCommand = command
            data = command.ExecuteReader()
            While data.Read
                If data.HasRows = True Then
                    If data(2).ToString = password_user.Text Then
                        MsgBox("Sucsess")
                    Else
                        MsgBox("Login Failed! Please try again or contact support")
                    End If
                Else
                    MsgBox("Login Failed! Please try again or contact support")
                End If
            End While
        Catch ex As Exception
        End Try
    End Sub
End Class
Answered by Marek
The problem was that your query is SELECT = FROM, which is obviously a typo; the correct syntax is SELECT * FROM.
See my code to avoid SqlInjection.
Try this code:
Dim conn As New SqlConnection
If conn.State = ConnectionState.Closed Then
    conn.ConnectionString = ("Server=192.168.0.2;Database=Sunshinetix;User=sa;Password=sunshine;")
End If
Try
    conn.Open()
    ' @user is a placeholder; the value is supplied through command.Parameters below
    Dim sqlquery As String = "SELECT * FROM Users Where Username = @user;"
    Dim data As SqlDataReader
    Dim adapter As New SqlDataAdapter
    Dim parameter As New SqlParameter
    Dim command As SqlCommand = New SqlCommand(sqlquery, conn)
    With command.Parameters
        ' Bind the submitted username to @user; it travels separately from the SQL text
        .Add(New SqlParameter("@user", username_user.Text))
    End With
    command.Connection = conn
    adapter.SelectCommand = command
    data = command.ExecuteReader()
    While data.Read
        If data.HasRows = True Then
            ' Column index 2 is expected to hold the stored password
            If data(2).ToString = password_user.Text Then
                MsgBox("Sucsess")
            Else
                MsgBox("Login Failed! Please try again or contact support")
            End If
        Else
            MsgBox("Login Failed! Please try again or contact support")
        End If
    End While
Catch ex As Exception
End Try
I would recommend that you use a parameterized query to avoid SQL injection.
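The parameterized lookup recommended above, written as a reusable function; this is an added example, not code from the original answers. The module and function names, the [Password] column name and the NVarChar(50) parameter size are assumptions, since the page only reads the column by index.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Module LoginCheck
    ' Returns True when a row exists for userName and its stored password value
    ' equals suppliedPassword. The connection string is supplied by the caller.
    ' Hypothetical helper: names, column and parameter size are assumptions.
    Public Function CredentialsMatch(connectionString As String,
                                     userName As String,
                                     suppliedPassword As String) As Boolean
        ' Fetch only the column that is compared, instead of SELECT * and data(2).
        Const sql As String = "SELECT [Password] FROM Users WHERE Username = @user;"

        ' Using disposes the connection and command even when an exception is thrown.
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                ' Typed, sized parameter: the value is sent separately from the SQL
                ' text, so quotes or keywords in userName are treated as data only.
                cmd.Parameters.Add("@user", SqlDbType.NVarChar, 50).Value = userName
                conn.Open()

                Dim stored As Object = cmd.ExecuteScalar()
                ' Nothing: no row for this user. DBNull: row exists, value is NULL.
                If stored Is Nothing OrElse stored Is DBNull.Value Then
                    Return False
                End If
                Return String.Equals(CStr(stored), suppliedPassword,
                                     StringComparison.Ordinal)
            End Using
        End Using
    End Function

    ' Usage from the click handler on the page:
    '   If CredentialsMatch(cs, username_user.Text, password_user.Text) Then ...
End Module
```

A SqlException raised by Open or ExecuteScalar propagates to the caller here, so the click handler can show or log it rather than swallowing it in an empty Catch.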
Answered by Aaron
Change
SELECT = FROM Users ....
to
SELECT * FROM Users ....
Answered by Maryam Arshi
There is an extra = in your query. There should not be any = after the Select keyword.
Dim sqlquery As String = "SELECT * FROM Users Where Username = '" & username_user.Text & "';"