System.Data.dll中出现类型为“System.Data.SqlClient.SqlException”的未处理异常附加信息:关键字“user”附近的语法不正确。下面是代码:if(txtRegisterSecurityAnswerOne.TextLength>0&&txtRegisterSecurityAnswerTwo.TextLength>0){SqlConnectionconnection1=newSqlConnection(Properties.Settings.Default.BlackBookDBConnectionString);System.Data.SqlClient.SqlCommandcmd=newSystem.Data.SqlClientSqlCommand();cmd.CommandType=System.Data.CommandType.Text;cmd.CommandText="INSERTINTOUser(Username,Password,SecurityQuestionOne,"+"SecurityQuestionTwo,SecurityAnswerOne,SecurityAnswerTwo);VALUES("+txtRegisterUsername.Text+","+txtRegisterPassword.Text+","+lstRegisterSecurityQuestionOne.SelectedText+","+lstRegisterSecurityQuestionTwo.SelectedItem+","+txtRegisterSecurityAnswerOne.Text+","+txtRegisterSecurityAnswerTwo.Text+")";cmd.CommandINTO="插入用户()";cmd.Connection=connection1;connection1.Open();cmd.ExecuteNonQuery();connection1.Close();我编辑了我的代码。但出于某种原因,它仍然没有在我的数据库中插入任何内容。如果(txtRegisterSecurityAnswerOne.TextLength>0&&txtRegisterSecurityAnswerTwo.TextLength>0){SqlConnectionconnection1=newSqlConnection(Properties.Settings.Default.BlackBookDBConnectionString);stringsqlquery="INSERTINTO[User](Username,Password,SecurityQuestionOne,"+"SecurityAnswerOne,SecurityQuestionTwo,SecurityAnswerTwo)"+"VALUES(@Username,@Password,@QuestionOne,@AnswerOne,@QuestionTwo,@AnswerTwo)";SqlCommand命令=newSqlCommand(sqlquery,connection1);stringuserName=txtRegisterUsername.Text;command.Parameters.AddWithValue("用户名",userName);字符串密码=txtRegisterRepeatPassword.Text;command.Parameters.AddWithValue("密码",密码);字符串questionOne=lstRegisterSecurityQuestionOne.SelectedText;command.Parameters.AddWithValue("QuestionOne",questionOne);字符串questionTwo=lstRegisterSecurityQuestionTwo.SelectedText;command.Parameters.AddWithValue("QuestionTwo",questionTwo);努力nganswerOne=txtRegisterSecurityAnswerOne.SelectedText;command.Parameters.AddWithValue("AnswerOne",answerOne);字符串answerTwo=txtRegisterSecurityAnswerTwo.SelectedText;command.Parameters.AddWithValue("AnswerTwo",answerTwo);命令.Connection=connection1;connection1.Open();命令.ExecuteNonQuery();connection1.Close();}if(txtRegisterSecurityAnswerOne.TextLength>0&&txtRegisterSecurityAnswerTwo.TextLength>0){SqlConnectionconnection1=newSqlConnection(Properties.Settings.Default.BlackBookDBConnectionString);connection1.Open();stringsqlquery="INSERTINTO[User](Username,Password,SecurityQuestionOne,"+"SecurityAnswerOne,SecurityQuestionTwo,SecurityAnswerTwo)"+"VALUES(@Username,@Password,@QuestionOne,@AnswerOne,@QuestionTwo,@AnswerTwo)";SqlCommand命令=newSqlCommand(sqlquery,connection1);stringuserName=txtRegisterUsername.Text;命令.Parameters.Add("@Username",SqlDbType.VarChar,200).Value=用户名;字符串密码=txtRegisterRepeatPassword.Text;command.Parameters.Add("@Password",SqlDbType.VarChar,200).Value=password;字符串questionOne=lstRegisterSecurityQuestionOne.SelectedText;command.Parameters.Add("@QuestionOne",SqlDbType.VarChar,200).Value=questionOne;字符串questionTwo=lstRegisterSecurityQuestionTwo.SelectedText;command.Parameters.Add("@QuestionTwo",SqlDbType.VarChar,200).Value=questionTwo;字符串answerOne=txtRegisterSecurityAnswerOne.SelectedText;command.Parameters.Add("@AnswerOne",SqlDbType.VarChar,200).Value=answerOne;字符串answerTwo=txtRegisterSecurityAnswerTwo.SelectedText;command.Parameters.Add("@AnswerTwo",SqlDbType.VarChar,200).Value=answerTwo;命令.ExecuteNonQuery();connection1.Close();}删除此行:cmd.CommandText="INSERTINTOUSer()";编辑查看新代码后,您的参数名称错误(缺少@)您应该将代码更改为:stringuserName=txtRegisterUsername.Text;命令.Parameters.AddWithValue("@Username",userName);字符串密码=txtRegisterRepeatPassword.Text;command.Parameters.AddWithValue("@Password",密码);字符串questionOne=lstRegisterSecurityQuestionOne.SelectedText;command.Parameters.AddWithValue("@QuestionOne",questionOne);字符串questionTwo=lstRegisterSecurityQuestionTwo.SelectedText;command.Parameters.AddWithValue("@QuestionTwo",questionTwo);字符串answerOne=txtRegisterSecurityAnswerOne.SelectedText;命令。Parameters.AddWithValue("@AnswerTwo",answerOne);字符串answerTwo=txtRegisterSecurityAnswerTwo.SelectedText;命令.Parameters.AddWithValue("@AnswerTwo",answerTwo);删除分配cmd.CommandText的第二行-它会覆盖第一行UserisSQLkeywordintheserver,如果您有一个带有该名称的表(您不必将其包装)在方括号中:cmd.CommandText="INSERTINTO[User]...附注-了解参数化查询。它们是避免SQL注入攻击的好方法(更不用说乱七八糟的字符串连接了)以上是C#学习教程:我不能用c#插入我的数据库分享所有内容,如果对大家有用需要了解更多关于C#学习教程,希望大家多多关注。本文收集自网络,不代表立场。如涉及侵权,请点击右侧联系管理员删除。如需转载请注明出处:
