SQLException：字符串'''後未使用引號

當我添加了撇號字符（'）我得到的錯誤：

An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in Microsoft.Practices.EnterpriseLibrary.Data.dll

Additional information: Unclosed quotation mark after the character string '''. Incorrect syntax near '''.

這裏是登錄密碼。這是單獨的用戶名和密碼，但它的工作原理。

public String getSenha(string user) 
    { 
     String Query = "SELECT senha FROM dbo.Login WHERE usuario = '" + user + "'"; //Comando 

     Conexao Connection = new Conexao(); //Instancia a classe conexao 
     object ret = Connection.QueryScalar(Query); //Executa o comando e salva o resultado em 'ret' 

     if (ret.GetType() == typeof(int)) 
      return null; 
     else 
      return (string)ret; 
    } 

public Boolean checkUser(string user) 
    { 
     String Query = "SELECT COUNT(usuario) FROM dbo.Login WHERE usuario = '" + user + "'"; 
     Conexao Connection = new Conexao(); 

     if ((int)Connection.QueryScalar(Query) > 0) // renorno de 0 significa que nao existe esse usuario. 
      return true; 
     else 
      return false; 
    } 

public Object QueryScalar(string Command) 
    { 
     // Error is thrown here 
     return DatabaseFactory.CreateDatabase("Windows.Properties.Settings.dboSoftwareGSCConnectionString").ExecuteScalar(CommandType.Text, Command); 
    }

來源

2014-12-22 Gabriel Bernardone

哦，真.. THKS –

顯示你的命令字符串，這其中的問題。 – dbugger

我必須學習如何最好地制定問題kkkk。我希望你能有所改善。 –