(转载)在关键字 'user' 附近有语法错误

在关键字 'user' 附近有语法错误。
异常详细信息: System.Data.SqlClient.SqlException: 在关键字 'user' 附近有语法错误。

源错误:
行 38:             Response.Write(mysql);
行 39:             SqlCommand mycmd=new SqlCommand(mysql,myconn);
行 40:             SqlDataReader mydr = mycmd.ExecuteReader();
行 41:             try
行 42:             {
源文件: c:/Inetpub/wwwroot/vote/login.aspx.cs    行: 40

string UserName = tbxaccount.Text.ToString();
string Password = tbxpwd.Text.ToString();
if (UserName == "" | Password == "")
{
       lblerr.Visible = true;
       lblerr.Text = "请输入用户名和密码";
}
  else
  {
string settings=Convert.ToString(ConfigurationManager.ConnectionStrings["MySqlConnection"]);
  SqlConnection myconn=new SqlConnection(settings);
  myconn.Open();
  string mysql = "select * from user  where userName="+"'"+UserName+"'"+"And  userPwd=" + "'" + Password +  " ' ";           
   SqlCommand mycmd=new SqlCommand(mysql,myconn);
  SqlDataReader mydr = mycmd.ExecuteReader();
   try
    {
          if(mydr.Read())
           {
               lblerr.Visible = true;
               lblerr.Text = "登录成功";
            }
            else
            {
                 lblerr.Visible=true;
                 lblerr.Text="用户名或密码错误";
             }
        }
        finally
        {
            mydr.Close();
            myconn.Close();
         }
      }

 

 

 

 

 

 

最佳答案

string mysql = "select * from user where userName="+"'"+UserName+"'"+"And userPwd=" + "'" + Password + " ' ";



user属于sql里的关键字，所以会报错，一般不要用关键字作为表名，如果关键字做表名用[]括起来，

string mysql = "select * from [user] where userName="+"'"+UserName+"'"+"And userPwd=" + "'" + Password + " ' ";