我正在尝试运行此注册表单,但每当我尝试运行它时,都会收到一条错误消息,提示我在使用 INSERT INTO 命令时出错。
这是错误日志:http://i.imgur.com/dQYP0U7.png
完整代码如下:
protected void Page_Load(object sender, EventArgs e)
{
string username = Request.Form["username"];
string password = Request.Form["password"];
string email = Request.Form["email"];
OleDbConnection dbCon = new OleDbConnection();
OleDbCommand dbCmd = new OleDbCommand();
String Path = Server.MapPath(@"../App_Data/XXX.mdb;");
dbCon.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data source=" + Path;
dbCmd.Connection = dbCon;
OleDbDataAdapter dataA = new OleDbDataAdapter(dbCmd);
dbCmd.CommandText = String.Format("SELECT * FROM Members where username = '{0}';", username);
DataTable dataT = new DataTable();
dataA.Fill(dataT);
if (dataT.Rows.Count == 0)
{
//dbCmd.CommandText = String.Format("INSERT INTO Members (username, password, email) VALUES ('{0}','{1}','{2}');", username, password, email);
dbCmd.CommandText = String.Format("INSERT INTO Members (username, password, email) VALUES ('" + username + "','" + password + "','" + email + "')");
dbCon.Open();
dbCmd.ExecuteNonQuery();
dbCon.Close();
}
else
{
Response.Write("That username is alredy taken");
Response.Redirect("register.aspx");
}
}
我希望它正确执行命令并将其添加到数据库中。 如您所见,我尝试使用两种方法将数据输入数据库
dbCmd.CommandText = String.Format("INSERT INTO Members (username, password, email) VALUES ('{0}','{1}','{2}');", username, password, email);
和
dbCmd.CommandText = String.Format("INSERT INTO Members (username, password, email) VALUES ('" + username + "','" + password + "','" + email + "')");
它们都不起作用。
谁能帮我解决这个问题?
谢谢你:)
最佳答案
问题是电子邮件地址包含 @ 符号,它被解释为 sql 参数。
解决方法是正确使用参数
关于sql - 每当我尝试运行这段代码时,它都会给我一个错误。 [ASP.NET SQL],我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28973816/