-1
我的問題始終存在。請幫我找到問題。謝謝!'where子句'中的未知列「something」
MySqlConnection cnn = new MySqlConnection(mysqladdress);
cnn.Open();
try
{
MySqlCommand cmd = new MySqlCommand();
cmd.Connection = cnn;
cmd.CommandText = "SELECT * FROM info where StudentID ='" + textBox1.Text + "'and Name='" + textBox2.Text + "'";
MySqlDataReader reader = cmd.ExecuteReader();
int count = 0;
while (reader.Read())
{
count = count + 1;
}
if (count == 1)
{
MessageBox.Show("Welcome");
}
else if (count > 1)
{
MessageBox.Show("Access Denied");
}
else
{
MessageBox.Show("Wrong student ID and Password");
}
}
catch (Exception)
{
throw;
}
請仔細閱讀本:http://stackoverflow.com/questions/601300/what-is-sql-injection – DavidG
DavidG說什麼。此外,特定於.NET:https://msdn.microsoft.com/en-us/library/ff648339.aspx – GolfWolf
您在那個where子句中沒有列「something」。你能發佈確切的錯誤信息嗎? –