更新时间:2023-02-07 22:50:32
您没有名为的参数@name
在您的SQL语句中。也许你想选择它像
You don't have a parameter called@name
in your SQL statement. Perhaps you wanted to select it like
SELECT Name FROM NewsClip_Login WHERE Username = @Username AND Password = @Password";
如果您正在尝试这样做,那么您可以参考结果列wiuthout @,因为它用于参数。
关于密码的另一件事。永远不要将密码存储为纯文本。它们应始终单向散列。请查看密码存储:怎么做。 [ ^ ]
ADDITION
--------- -
If that is what you're trying to do then you refer to the result columns wiuthout @ since that is used for parameters.
Another thing concerning the password. Never ever store the passwords as plain text. They should always be hashed one-way. Have a look at Password Storage: How to do it.[^]
ADDITION
-----------
string queryText = @"SELECT Name FROM NewsClip_Login WHERE Username = @Username AND Password = @Password";
using (SqlConnection cn = new SqlConnection("Data Source=PRIMO-CHALICE;Initial Catalog=NewsClip;Integrated Security=True")) {
using (SqlCommand cmd = new SqlCommand(queryText, cn))
{
cn.Open();
cmd.Parameters.AddWithValue("@Username", UsernameTextBox.Text);
cmd.Parameters.AddWithValue("@Password", PasswordTextBox.Text);
SqlDataReader reader = cmd.ExecuteReader();
reader.Read();
NameLabel.Text = reader["Name"].ToString();
NameLabelText = NameLabel.Text;
reader.Close();
...
抱歉,我没有意识到您的SQL语句没有名称列
Sorry I didn't realize that your SQL statement not having Name column
SELECT Count(*) FROM NewsClip_Login
如果您正在使用阅读器,则应该具有列名,例如,如果您要获取值那么你应该在你的select语句中有name列。
从阅读器中删除@它应该是reader [Name]
You should have columnname if you are using reader for example if you are fetching the value of name then you should have name column in your select statement.
Remove @ from the reader it should be reader ["Name"]