实在憋不住了!
数据库
create table usermessage
(
userID int primary key,
userName varchar(12) not null,
userPsw varchar(12) not null
)
insert into usermessage values(1, 'abc ', 'abc ')

程序:
DB 类中
public static bool sr(int userid, string userpsw)
{
SqlConnection cn = DB.cn();
cn.Open();
SqlCommand cm = new SqlCommand( "select Count(*) from usermessage where userid= ' " + userid + " 'and userpsw= " + userpsw, cn);
int count = System.Convert.ToInt32(cm.ExecuteScalar());

if (count > 0)
{
return true;

}
else
{
return false;
}
}
---------------------------
BUTTON的点击事件下!
int userID = System.Convert.ToInt32(this.TextBox1.Text);
string userpsw = this.TextBox2.Text;
if (DB.sr(userID, userpsw))
{
this.Response.Redirect( "Default.aspx ");

}
else
{
不能登录!
}

总是在这里 int count = System.Convert.ToInt32(cm.ExecuteScalar());报错!
说列名abc无效!

后来我
update usermessage set userpsw=123 where userID=1
把密码改成数字后就能成功登录...!!
我哪里写错了??只有数字密码才能登录 而字母就不行!!!


郁闷中!


[解决办法]
SqlCommand cm = new SqlCommand( "select Count(*) from usermessage where userid= ' " + userid + " 'and userpsw= " + userpsw, cn);==> SqlCommand cm = new SqlCommand( "select Count(*) from usermessage where userid= ' " + userid + " ' and userpsw= ' " + userpsw + " ' ", cn);
[解决办法]
SqlCommand cm = new SqlCommand( "select Count(*) from usermessage where userid= ' " + userid + " 'and userpsw= " + userpsw, cn);

to：

SqlCommand cm = new SqlCommand( "select Count(*) from usermessage where userid= ' " + userid + " ' and userpsw= ' " + userpsw+ " ' ", cn);

[解决办法]
SQL中字符串必须放在 ' '里
[解决办法]
注意哦做特殊字符处理！！1
[解决办法]
public static bool sr(int userid, string userpsw)
{
SqlConnection cn = DB.cn();

SqlCommand cm = new SqlCommand( "select Count(*) from usermessage where userid= " + userid + " and userpsw= ' " + userpsw + " ' ", cn);
cn.Open();
int count = System.Convert.ToInt32(cm.ExecuteScalar());
cn.Close();
if (count > 0)
{
return true;

}
else
{
return false;
}
}