代码错哪儿了呢?

SqlDataReader dr = cm.ExecuteReader();,执行到这条语句就出错..说在user关键字附近有语法错误.
----------------------------------

protected void Button1_Click(object sender, EventArgs e)
{

string strconn = ConfigurationManager.ConnectionStrings["conn"].ConnectionString;
SqlConnection conn = new SqlConnection(strconn);
conn.Open();
string strsql = "select * from user where uid = '" + userid.Text + "' and pwd='" + passwd.Text + "'";
SqlCommand cm = new SqlCommand(strsql, conn);
SqlDataReader dr = cm.ExecuteReader();
if (dr.Read())
{
Session["uid"] = dr["uid"];
Session["level1"] = dr["level1"];



}

conn.Open();
conn.Close();


----------------------------------------
}