Incorrect syntax near the keyword 'add'

Time: 2021-12-09 01:27:52

I have a project in school and I need to connect my registration page with a database. I have this code:

if (Request.Form["submit"] != null)
{
    string fName = Request.Form["fName"];
    string lName = Request.Form["lName"];
    string Passwod = Request.Form["Passwod"];
    string email = Request.Form["email"];
    string add = Request.Form["add"];

    string RegStatus;

    if ((fName == "") || (lName == "") || (Passwod == "") || (email == "") || (add == ""))
    {
        RegStatus = ("missing data or wrong data");
    }
    else
    {
        string selectQuery = "SELECT * FROM " + "[Users]";
        selectQuery += " WHERE ";
        selectQuery += " email = '" + Request.Form["email"] + "'";

        if (MyAdoHelper.IsExist(selectQuery))
        {
            RegStatus = ("email does not exists");
        }
        else
        {
            string insertQuery = "INSERT INTO [Users] (fName,lName,Passwod, email,add) VALUES ('";
            insertQuery += fName + "', '" + lName +"','" + Passwod + "', '" + email + "','" + add +"')";
            Response.Write(insertQuery);
            MyAdoHelper.DoQuery(insertQuery);
            RegStatus = ("Registeration was successful "); 
        }
    }

    Response.Write(RegStatus);
    Response.End();
}

The error I get after filling the data (after running) is:

System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'add'.

source error:

public static void DoQuery(string sql)
    {
        SqlConnection conn = ConnectToDb();
        conn.Open();
        SqlCommand com = new SqlCommand(sql, conn); 
        com.ExecuteNonQuery(); //* it says the error is in this line. //*
        com.Dispose();
        conn.Close();
    }

1 solution

#1


3  

add is a keyword on SQL. If you have a field named like this you must use brackets:

INSERT INTO [Users] (fName,lName,Passwod, email,[add]) VALUES... 

Also, as already commented, it is very important to use parameters and not string concatenation:
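
The bracketed column and the parameters the answer calls for, combined in one routine. This is an added example, not code from the original question or answer; the class name `UserRegistration`, the connection string argument and the NVARCHAR sizes are assumptions, while the table and column names are the ones in the question.

```csharp
using System.Data;
using System.Data.SqlClient;

// Added example. Class name, connection string and NVARCHAR sizes are
// assumptions; table and column names come from the question.
public static class UserRegistration
{
    public static string Register(string connectionString, string fName,
        string lName, string passwod, string email, string add)
    {
        using (SqlConnection conn = new SqlConnection(connectionString))
        {
            conn.Open();

            // User input travels only as parameter values, never as SQL text.
            using (SqlCommand check = new SqlCommand(
                "SELECT COUNT(*) FROM [Users] WHERE email = @email", conn))
            {
                check.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email;
                if ((int)check.ExecuteScalar() > 0)
                {
                    return "email already exists";
                }
            }

            // [add] is bracketed because ADD is a reserved keyword in T-SQL.
            using (SqlCommand insert = new SqlCommand(
                "INSERT INTO [Users] (fName, lName, Passwod, email, [add]) " +
                "VALUES (@fName, @lName, @Passwod, @email, @add)", conn))
            {
                insert.Parameters.Add("@fName", SqlDbType.NVarChar, 100).Value = fName;
                insert.Parameters.Add("@lName", SqlDbType.NVarChar, 100).Value = lName;
                insert.Parameters.Add("@Passwod", SqlDbType.NVarChar, 256).Value = passwod;
                insert.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email;
                insert.Parameters.Add("@add", SqlDbType.NVarChar, 256).Value = add;
                insert.ExecuteNonQuery();
            }
        }
        return "Registration was successful";
    }
}
```

Because the values are bound as parameters, an apostrophe in a name or SQL text typed into a form field is stored as data and cannot change the statement. The `using` blocks also close the connection and dispose the commands when `ExecuteNonQuery` throws, which the `DoQuery` helper in the question does not.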
