System.Data.OleDb.OleDbException: 'One or more errors occurred during processing of command

Question

        void login()
        {
            OleDbDataAdapter da = new OleDbDataAdapter(" select count(*) from admin where ='"+textBox1.Text+"' and username= '"+textBox2.Text+"'",conn);
            DataTable dt = new DataTable();
            da.Fill(dt);
            if (textBox1.Text.Equals(" "))
            {
                MessageBox.Show("ENTER USERNAME ");
            }
            else if (textBox1.Text.Equals(" "))
            {
                MessageBox.Show("ENTER USERNAME ");
            }
            else if (dt.Rows[0][0].ToString() == "1")
            {
                Form2 f = new Form2();
                f.Show();
                this.Hide();
            }
            else
            {
                Form2 F1 = new Form2();
                F1.Show();
                this.Hide();
                MessageBox.Show("username or password incorrect");
            }
        }

I want an answer to this error.

Answer 1

Score: 1

The code you provided has a syntax error in the SQL query. The WHERE clause is incomplete and missing a column name after the 'where =' expression. To fix this error, you need to add the column name in the WHERE clause as shown in the corrected code:

"SELECT COUNT(*) FROM admin WHERE column_name='" + textBox1.Text + "' AND username='" + textBox2.Text + "'", conn.

However, I also want to mention that your code may be vulnerable to SQL injection attacks. To avoid this, you should use parameterized queries instead of concatenating user input directly into the SQL statement. The parameterized query would look like this:

"SELECT COUNT(*) FROM admin WHERE column_name=@value1 AND username=@value2", conn.

Then, you would replace @value1 and @value2 with the values of textBox1.Text and textBox2.Text using parameters, like this:

cmd.Parameters.AddWithValue("@value1", textBox1.Text);
cmd.Parameters.AddWithValue("@value2", textBox2.Text);

Note that the code sample I gave you was for MySQL. Check the documentation for your database version.
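
The parameterized query above, adapted to the System.Data.OleDb provider used in the question, as an added example that is not part of the original answer: OleDb text commands take positional ? placeholders rather than @names. IsValidLogin, the parameter names and the 255-character size are assumptions, and column_name is the answer's placeholder for the column missing from the question's query.

```csharp
using System;
using System.Data.OleDb;

static class LoginCheck
{
    // Hypothetical helper. conn is assumed to be an open OleDbConnection;
    // column_name stands in for the column the question's query left out.
    public static bool IsValidLogin(OleDbConnection conn, string box1Text, string box2Text)
    {
        // Reject empty input before touching the database.
        if (string.IsNullOrWhiteSpace(box1Text) || string.IsNullOrWhiteSpace(box2Text))
            return false;

        // OleDb with CommandType.Text uses positional "?" markers, not @names.
        const string sql =
            "SELECT COUNT(*) FROM admin WHERE column_name = ? AND username = ?";

        using (var cmd = new OleDbCommand(sql, conn))
        {
            // Parameters bind in the order they are added; the names are ignored.
            // An explicit type and size (255 is an assumed column width) avoids
            // the type inference that AddWithValue performs.
            cmd.Parameters.Add("p1", OleDbType.VarWChar, 255).Value = box1Text;
            cmd.Parameters.Add("p2", OleDbType.VarWChar, 255).Value = box2Text;

            // The input travels as data, so a quote in it cannot alter the query.
            int matches = Convert.ToInt32(cmd.ExecuteScalar());
            return matches == 1;
        }
    }
}
```

Call it from login() as IsValidLogin(conn, textBox1.Text, textBox2.Text) and open Form2 only when it returns true.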

huangapple
  • Published on May 7, 2023, 08:00:59
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76191682.html