62,074
社区成员
发帖
与我相关
我的任务
分享哪出错了,谢谢(*.mdb)
string strAdminID = tbAdminID.Text.Trim().ToUpper();
string strPassword = tbPassword.Text.Trim();
string strSql = "select Admin_Power from Admin where Admin_ID="+strAdminID+" and Admin_Password="+strPassword;
string strConn = "Provider=Microsoft.Jet.OLEDB.4.0;Password=;User ID=Admin;Data Source=" + Server.MapPath(ConfigurationSettings.AppSettings["DataBase"]);
OleDbConnection connDataBase = new OleDbConnection ((String)strConn);
OleDbCommand commDataBase = new OleDbCommand(strSql, connDataBase);
connDataBase.Open();
OleDbDataReader drDataBase = commDataBase.ExecuteReader();
if (drDataBase.Read())
{
lbMessage.Text = "对不起,用户名或密码出错,请重试,谢谢!";
return;
}
else
{
Session["sinConnString"] = strConn;
}
报
异常详细信息: System.Data.OleDb.OleDbException: 至少一个参数没有被指定值。
行 64: OleDbDataReader drDataBase = commDataBase.ExecuteReader();
谢谢
string strPassword = tbPassword.Text.Trim();
string strSql = "select Admin_Power from Admin where Admin_ID="+strAdminID+" and Admin_Password="+strPassword;
string strConn = "Provider=Microsoft.Jet.OLEDB.4.0;Password=;User ID=Admin;Data Source=" + Server.MapPath(ConfigurationSettings.AppSettings["DataBase"]);
OleDbConnection connDataBase = new OleDbConnection ((String)strConn);
OleDbCommand commDataBase = new OleDbCommand(strSql, connDataBase);
connDataBase.Open();
OleDbDataReader drDataBase = commDataBase.ExecuteReader();
if (drDataBase.Read())
{
lbMessage.Text = "对不起,用户名或密码出错,请重试,谢谢!";
return;
}
else
{
Session["sinConnString"] = strConn;
}
报
异常详细信息: System.Data.OleDb.OleDbException: 至少一个参数没有被指定值。
行 64: OleDbDataReader drDataBase = commDataBase.ExecuteReader();
谢谢
...全文
请发表友善的回复…
发表回复
saucer 2003-10-09
- 打赏
- 举报
make sure strAdminID and strPassword are not empty
string strAdminID = tbAdminID.Text.Trim().ToUpper();
string strPassword = tbPassword.Text.Trim();
string strSql = "select Admin_Power from Admin where Admin_ID="+strAdminID+" and Admin_Password="+strPassword;
Response.Write("****" + strSql + "****");
by the way, your sql is susceptible to sql injection attack, consider to use a parameterized query instead
string strAdminID = tbAdminID.Text.Trim().ToUpper();
string strPassword = tbPassword.Text.Trim();
string strSql = "select Admin_Power from Admin where Admin_ID="+strAdminID+" and Admin_Password="+strPassword;
Response.Write("****" + strSql + "****");
by the way, your sql is susceptible to sql injection attack, consider to use a parameterized query instead
