String accessString = WebConfigurationManager.ConnectionStrings[ "accessConnectionString "].ConnectionString
+ Server.MapPath( "data/msgBoard.mdb ");
OleDbConnection accessConn = new OleDbConnection(accessString);
accessConn.Open();
string struser,strpwd;
struser=Txbname.Text.ToString().Trim();
strpwd=Txbpwd.Text.ToString().Trim();
string sql = "select * from admin where user= " +struser + " and password= " + strpwd;
OleDbCommand cmd = new OleDbCommand(sql,accessConn);
OleDbDataReader dr = cmd.ExecuteReader();// 错误所在行 if (dr.Read())
{
Session[ "identity "] = "admin ";
Response.Redirect( "admin.aspx ");
}
------解决方案--------------------------------------------------------
string sql = "select * from admin where user= ' " +struser + " ' and password= ' " + strpwd+ " ' ";
上句差了个双引号。
------解决方案--------------------------------------------------------
string sql = "select * from admin where user= " +struser + " and password= " + strpwd;
===================================================================================
string sql = "select * from [admin] where [user] = ' " + struser + " ' and [password]= ' " + strpwd + " ' ";
------解决方案--------------------------------------------------------
user= ' " +struser + " '
在SQL查询语句里,string格式的要用 ' '号包括起来。
那么在C#的语法里,引用变量要用双引号。在string里+代表连接字符传