有人可以指出导致此错误的原因是什么?我一直在试图解决它,但我失败了。我不明白'ID'有什么问题......究竟哪个部分产生了这个错误?在'ID'附近预期条件的上下文中指定的非布尔型表达式的表达式
这里是我的代码:
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection();
conn.ConnectionString = SqlDataSource1.ConnectionString;
string str = "SELECT * FROM Student "
+ " WHERE Student ID = '" + StudentID.Text + "' AND "
+ " Password = '" + SPassword.Text + "'";
SqlCommand cmdSelect = new SqlCommand(str, conn);
SqlDataReader reader;
conn.Open();
reader = cmdSelect.ExecuteReader();
if (reader.Read())
{
if (StudentID.Text == "900000000")
Response.Write("<body onload=\"window.open('Admin.aspx', '_top')\"></body>");
else
Response.Write("<body onload=\"window.open('user.aspx', '_top')\"></body>");
}
else
lblMsg.Text = "Invalid Username and/or Password, please re-try!!";
conn.Close();
}
用SQL注入显式编写代码不是一个好主意。请查看http://stackoverflow.com/search?tab=votes&q=[c%23]%20sql%20injection,了解使用参数化查询的正确方法。 – 2013-03-21 01:46:28