Question

I have a question about ASP.NET and a SQL Server database, using Visual Studio 2010. The problem is about the .cs part of the login control.

I linked my form with the database and need to compare the login and password with the ones in the DB, but the line

SqlDataReader rdr = com.ExecuteReader(); 

says that there is an error with syntax near "user"

Is it a query problem?

Can you help me please?

private bool UserLogin(string userName, string password)
{
    // read the connection string from web.config
    string conString = ConfigurationManager.ConnectionStrings["MidLinData"].ConnectionString;

    using (System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection(conString))
    {
        con.Open();
        // declare the command that will be used to execute the select statement
       // SqlCommand com = new SqlCommand("SELECT login FROM user WHERE userName = @login AND Password = @password", con);
        SqlCommand com = new SqlCommand("SELECT login FROM user WHERE userName = @login ", con);
        SqlCommand com2 = new SqlCommand("SELECT password FROM user WHERE password = @password ", con);
        // set the username and password parameters
        com.Parameters.Add("@login", SqlDbType.NVarChar).Value = userName;
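        SqlDataReader rdr = com.ExecuteReader();
        //com.Parameters.Add("@password", SqlDbType.NVarChar).Value = password;
        // advance to the first row before reading a column; no row means no matching user
        string result = rdr.Read() ? rdr[0].ToString() : null;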

        // execute the select statement
        //  string result = Convert.ToString(com.ExecuteScalar());
        // check the result
        if (string.IsNullOrEmpty(result))
        {
            // invalid user/password, return false
            return false;
        }
        else
        {
            // valid login
            return true;
        }
    }
}

Compiler says:

Server Error in '/visualStudioWebsite' Application.

Incorrect syntax near the keyword 'user'.

Description: An unhandled exception occurred during the execution of the current web request.

Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'user'.

Source Error:

Line 57: // set the username and password parameters
Line 58: com.Parameters.Add("@login", SqlDbType.NVarChar).Value = userName;
Line 59: SqlDataReader rdr = com.ExecuteReader();
Line 60: com.Parameters.Add("@password", SqlDbType.NVarChar).Value = password;
Line 61:

Source File: c:\Users\annasolovjova\Desktop\visualStudioWebsite\login.aspx.cs Line: 59


Solution

user is a reserved keyword in SQL Server - your best bet is not to use it as a table name! And if you insist on using it, you must put it in square brackets:

SqlCommand com = new SqlCommand("SELECT login FROM [user] WHERE userName = @login ", con);

OTHER TIPS

You can combine both commands like this:

SqlCommand com = new SqlCommand();
com.Connection = con;
// [user] is bracketed because user is a reserved keyword in SQL Server
com.CommandText = "SELECT login, password FROM [user] WHERE userName = @login and password = @password";
com.Parameters.AddWithValue("@login", userName);
com.Parameters.AddWithValue("@password", password);
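
An added example, not part of the original question or answers: a complete login check that uses the bracketed [user] table name and one parameterized query, and verifies a salted PBKDF2 hash rather than comparing a plaintext password in SQL. The passwordSalt and passwordHash columns, the LoginCheck class, the parameter size and the iteration count are assumptions; the table on this page has a password column instead.

```csharp
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginCheck
{
    // Assumed schema (not from the page): [user](userName NVARCHAR(256),
    // passwordSalt VARBINARY(16) NOT NULL, passwordHash VARBINARY(20) NOT NULL).
    private const int Iterations = 100000; // assumed PBKDF2 work factor

    public static bool UserLogin(string userName, string password)
    {
        string conString = ConfigurationManager.ConnectionStrings["MidLinData"].ConnectionString;
        using (SqlConnection con = new SqlConnection(conString))
        using (SqlCommand com = new SqlCommand(
            // USER is a reserved keyword in SQL Server, so the table name is bracketed.
            "SELECT passwordSalt, passwordHash FROM [user] WHERE userName = @login", con))
        {
            // The value travels as a typed parameter and is never concatenated into the SQL text.
            com.Parameters.Add("@login", SqlDbType.NVarChar, 256).Value = userName;
            con.Open();
            using (SqlDataReader rdr = com.ExecuteReader())
            {
                // Read() must return true before any column is accessed; no row means unknown user.
                if (!rdr.Read()) return false;
                return Verify(password, (byte[])rdr["passwordSalt"], (byte[])rdr["passwordHash"]);
            }
        }
    }

    // Pure function, so it can be exercised without a database.
    public static bool Verify(string password, byte[] salt, byte[] stored)
    {
        // This constructor runs PBKDF2 with HMAC-SHA1; the salt must be at least 8 bytes.
        using (Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
        {
            byte[] candidate = kdf.GetBytes(stored.Length);
            int diff = 0;
            // Compare every byte so timing does not reveal where the first mismatch is.
            for (int i = 0; i < stored.Length; i++) diff |= candidate[i] ^ stored[i];
            return diff == 0;
        }
    }
}
```
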
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow