SqlDataReader reader = cmd.ExecuteReader(); 字符串 '' 后的引号不完整。 20
protectedvoidTextBox1_TextChanged(objectsender,EventArgse){stringuser=TextBox1.Text;s...
protected void TextBox1_TextChanged(object sender, EventArgs e)
{
string user = TextBox1.Text;
string pwd = TextBox2.Text;
SqlConnection conn = new SqlConnection();
//数据库连接语句
conn.ConnectionString = "server =localhost;database =web_DB;uid=sa;pwd =sa";
conn.Open();
string sql = "select *from message where user=" + this.TextBox1.Text + "'";
SqlCommand cmd = new SqlCommand(sql, conn);
if (conn.State == ConnectionState.Closed)
{
conn.Open();
}
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read())
{
reader.Close();
TextBox1.Text = "注册失败,用户已存在";
}
else
{
reader.Close();
string sql1 = "insert into web_DB(user,pwd)+values('" + user + "','" + pwd + "')";
SqlCommand cmd1 = new SqlCommand(sql, conn);
cmd.ExecuteNonQuery();
Response.Write("<script>alert('注册成功');window.window.location.href='login.aspx';</script>");
} 展开
{
string user = TextBox1.Text;
string pwd = TextBox2.Text;
SqlConnection conn = new SqlConnection();
//数据库连接语句
conn.ConnectionString = "server =localhost;database =web_DB;uid=sa;pwd =sa";
conn.Open();
string sql = "select *from message where user=" + this.TextBox1.Text + "'";
SqlCommand cmd = new SqlCommand(sql, conn);
if (conn.State == ConnectionState.Closed)
{
conn.Open();
}
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read())
{
reader.Close();
TextBox1.Text = "注册失败,用户已存在";
}
else
{
reader.Close();
string sql1 = "insert into web_DB(user,pwd)+values('" + user + "','" + pwd + "')";
SqlCommand cmd1 = new SqlCommand(sql, conn);
cmd.ExecuteNonQuery();
Response.Write("<script>alert('注册成功');window.window.location.href='login.aspx';</script>");
} 展开
3个回答
展开全部
用字符串拼SQL语句,这样的代码太闹心了,为什么不用SqlParameter参数?
例子:
String cmdString="insert into web_DB(user,pwd)values(@user,@pwd)";
SqlCommand cmd=new SqlCommand(cmdString,conn);
cmd.Parameters.AddWithValue("@user",user);
cmd.Parameters.AddWithValue("@pwd",pwd);
using(conn)
{
conn.Open();
cmd.ExecuteQuery();
}
例子:
String cmdString="insert into web_DB(user,pwd)values(@user,@pwd)";
SqlCommand cmd=new SqlCommand(cmdString,conn);
cmd.Parameters.AddWithValue("@user",user);
cmd.Parameters.AddWithValue("@pwd",pwd);
using(conn)
{
conn.Open();
cmd.ExecuteQuery();
}
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
展开全部
将C:\Users\<当前用户>\AppData\Local\Microsoft_Corporation\文件夹下的LandingPage.exe*文件夹删除,再运行安装程序即正常。
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
展开全部
string sql = "select *from message where user=" + this.TextBox1.Text + "'";
⇒string sql = "select * from message where user='" + this.TextBox1.Text + "'";
⇒string sql = "select * from message where user='" + this.TextBox1.Text + "'";
本回答被网友采纳
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
更多回答(1)
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询
