This question already has an answer here:
- Simple SELECT statement fails with “syntax to use near”, “ORA-00906”, “syntax error at or near” or “syntax near the keyword” 2 answers
- Creating table names that are reserved words/keywords in MS SQL Server [closed] 12 answers
I am having a problem when trying to check login credentials for a 3-tier project in C#.
Currently, I have a table named User with userName and password columns.
In my BusinessLogicLayer, I get the user input and pass it to the dataAccessLayer:
    public string checkCredential(string userName, string password)
    {
        string returnMessage = "";
        User user = new User(userName, password);
        Boolean success = user.checkCredential();
        if (!success)
        {
            returnMessage += "Username and password does not match!";
        }
        else
        {
            returnMessage = "";
        }
        return returnMessage;
    }
In my Data Access Layer, I have a method to check the login credentials:
    public Boolean checkCredential()
    {
        Boolean result = false;
        using (var connection = new SqlConnection(FFTHDb.connectionString)) // get your connection string from the other class here
        {
            SqlCommand command = new SqlCommand("SELECT userName, password FROM User WHERE userName = '" + userName + "' AND password = '" + password + "'", connection);
            connection.Open();
            using (var dr = command.ExecuteReader())
            {
                if (dr.Read())
                {
                    result = true;
                }
            }
        }
        return result;
    }
And I have a separate class to set the connection string:
    public static string connectionString = DataAccessLayer.Properties.Settings.Default.DBConnStr;

    public static SqlDataReader executeReader(string query)
    {
        System.Diagnostics.Debug.WriteLine("FFTHDb executeReader: " + query);
        SqlConnection connection = new SqlConnection(connectionString);
        SqlCommand command = new SqlCommand(query, connection);
        connection.Open();
        // Keep the connection open while the caller reads; closing the reader closes the connection.
        return command.ExecuteReader(System.Data.CommandBehavior.CloseConnection);
    }
There are no compilation errors, and I double-checked the table name and columns in the database. However, it just keeps telling me that there is a syntax error near User. I wonder why that is.
Thanks in advance.
3 answers
#1
5
User is a reserved keyword in T-SQL. You should use it with square brackets, like [User].
Also, using parameterized queries is always a good practice.
And never store passwords in plain text! Use a SHA-512 hash.
#2
1
User is a reserved keyword so you need to add square brackets around it. For a list see here. So, you should do it like this
    SELECT userName, password FROM [User] WHERE userName =
#3
-1
Problem: the table name which you have provided, User, is a keyword in Transact-SQL. Reserved Words
Solution: Enclose the reserved word User in square brackets [].
Solution 1:
    SqlCommand command = new SqlCommand("SELECT userName, password FROM [User] WHERE userName = '" + userName + "' AND password = '" + password + "'", connection);
Solution 2:
    SqlCommand command = new SqlCommand("SELECT userName, password FROM [User] WHERE userName = @username AND password = @password", connection);
    command.Parameters.AddWithValue("@username", userName);
    command.Parameters.AddWithValue("@password", password);
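Added example (not from the question or any of the answers): a data-access check that applies both pieces of advice from the answers, looking the user up through a typed parameter and comparing a salted password hash instead of a plaintext password. The passwordSalt and passwordHash VARBINARY columns, the NVARCHAR(64) length, the iteration count and the CredentialCheck class name are assumptions; PBKDF2 with HMAC-SHA512 is used here rather than a single SHA-512 pass because a bare hash is cheap to brute-force.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class CredentialCheck // hypothetical class name
{
    const int Iterations = 210000;          // assumed work factor; tune for your hardware
    const int SaltBytes = 16, HashBytes = 64;

    // Run at registration or password change; store salt and hash, never the password.
    public static void HashPassword(string password, out byte[] salt, out byte[] hash)
    {
        salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        hash = Derive(password, salt);
    }

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA512))
            return kdf.GetBytes(HashBytes);
    }

    public static bool CheckCredential(string connectionString, string userName, string password)
    {
        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(
            // [User] is bracketed because User is reserved in T-SQL; column names are assumed.
            "SELECT passwordSalt, passwordHash FROM [User] WHERE userName = @userName", connection))
        {
            // Typed parameter: the value is sent as data and never parsed as SQL text.
            command.Parameters.Add("@userName", SqlDbType.NVarChar, 64).Value = userName;
            connection.Open();
            using (var dr = command.ExecuteReader())
            {
                if (!dr.Read()) return false;   // unknown user
                var salt = (byte[])dr["passwordSalt"];
                var stored = (byte[])dr["passwordHash"];
                return FixedTimeEquals(Derive(password, salt), stored);
            }
        }
    }

    // Compares every byte so the timing does not reveal where the first mismatch is.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The password never appears in the SQL statement or in a parameter, so it also stays out of query logging such as the Debug.WriteLine call in the question's executeReader.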