必须声明标量变量“@User”
本文关键字:@User 变量 标量 声明 | 更新日期: 2023-09-27 18:02:09
我一直得到一个错误,我不明白:
必须声明标量变量"@user"
我实际上在做一个网站,我正在使用c# ASP。. NET和SQL Server。我有一个类的名字是Connection
,另一个叫Query
。问题就在这里
public class Query
{
public int ValidateLogin(string userID, string password)
{
string query = "Select * From tblLogin where UserID = @user and Password = @paswd";
Connection objConn = new Connection();
DataTable dtLogin = objConn.GetDataFromDB(query);
int result = 0;
if (dtLogin.Rows.Count > 0)
{
result = 1;
}
return result;
}
public class Connection
{
string conn = ConfigurationManager.ConnectionStrings["DBConn"].ToString();
public DataTable GetDataFromDB(string query)
{
SqlConnection myConn = new SqlConnection(conn);
myConn.Open();
SqlDataAdapter da = new SqlDataAdapter();
da.SelectCommand = myConn.CreateCommand();
da.SelectCommand.CommandText = query;
DataTable dt = new DataTable();
da.Fill(dt);
da.Dispose();
myConn.Close();
return dt;
}
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btn_login_Click(object sender, EventArgs e)
{
int result = 0;
Query q = new Query();
result = q.ValidateLogin(txt_userID.Text, txt_password.Text);
if (result == 1)
{
Response.Redirect("~/Performance Appraisal Form.aspx");
}
else
{
}
}
将您的参数添加到SelectCommand
的例子:
private static void UpdateDemographics(Int32 customerID,
string demoXml, string connectionString)
{
// Update the demographics for a store, which is stored
// in an xml column.
string commandText = "UPDATE Sales.Store SET Demographics = @demographics "
+ "WHERE CustomerID = @ID;";
using (SqlConnection connection = new SqlConnection(connectionString))
{
SqlCommand command = new SqlCommand(commandText, connection);
command.Parameters.Add("@ID", SqlDbType.Int);
command.Parameters["@ID"].Value = customerID;
// Use AddWithValue to assign Demographics.
// SQL Server will implicitly convert strings into XML.
command.Parameters.AddWithValue("@demographics", demoXml);
try
{
connection.Open();
Int32 rowsAffected = command.ExecuteNonQuery();
Console.WriteLine("RowsAffected: {0}", rowsAffected);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
}
代码
要做到这一点,请在
中添加另一个参数 public DataTable GetDataFromDB(string query)
改为
public DataTable GetDataFromDB(string query, string[] params) //example, can be another type of collection like ParameterCollection.
da.SelectCommand.parameters.add("@user",params[0]);
da.SelectCommand.parameters.add("@paswd",params[1]);
传递参数给你的方法。
string[] Params= new string[2];
Params[0] = txt_userID.Text;
Params[1] =txt_password.Text;
DataTable dtLogin = objConn.GetDataFromDB(query,Params);
参考:http://msdn.microsoft.com/es-es/library/system.data.sqlclient.sqlcommand.parameters (v = vs.110) . aspx
您正在使用内联SQL,因此它需要是一个有效的SQL字符串。@user不是SQL代码中声明的变量,因此不会检测到它。要么在SQL字符串中包含一个声明语句,要么在字符串中注入"user"的实际值。
希望对你有帮助。
哦,顺便说一句…请不要使用内联SQL,它非常不安全。