sql语句大家看看哪里出错了，多谢啊

sql语句大家看看哪里出错了，谢谢啊！

<%
dim ObjConn,ConnStr,ObjRS,SqlStr
UserId = trim(request.form( "UserId "))
UserPwd= trim(request.form( "UserPwd "))

ConnStr= "provider=microsoft.jet.oledb.4.0;data source= " & _
server.mappath( "../db/sysm.mdb ")

set ObjConn= server.createObject( "adodb.connection ")
Objconn.open ConnStr
set ObjRS= server.createObject( "adodb.Recordset ")

SqlStr= "SELECT * FROM user WHERE " & " Userid = ' " & userid " ' " _
& "and Userpwd= ' " userpwd & " '; '
ObjRS.open SqlStr,ObjConn,1,3

IF ObjRS.EOF THEN
Response.write " <center> 不存在此用户或密码错误!
</center> "
%>
<%
ELSE IF UserId= "admin " then
session( "userId ")=UserId
session( "userpwd ")=UserPwd
session( "Passed ")=true
server.transfer( "adimn.asp ")
ELSE
session( "userId ")=UserId
session( "userpwd ")=UserPwd
session( "Passed ")=true
server.transfer( "commuser.asp ")

END IF
end if

ObjConn.close
ObjRS.close
set ObjRS= nothing
SET Objconn= nothing

%>

上面的代码执行时，总是说sql语句出错，可是明明对呀，我实在检查不出来，大家给看看。
错误类型：
Microsoft VBScript 编译器错误 (0x800A0401)
语句未结束
/myweb/log/app/logon.asp, line 24, column 60
SqlStr= "SELECT * FROM user WHERE " & " Userid = ' " & userid " '; "

[解决办法]
SqlStr= "SELECT * FROM [user] WHERE Userid = ' " & Replace(userid, " ' ", " ' ' ") & " ' "
[解决办法]
SqlStr= "SELECT * FROM user WHERE Userid = ' " & userid & " ' and Userpwd= ' " userpwd & " ' "
[解决办法]
SqlStr= "SELECT * FROM [user] WHERE Userid = ' " & replace(userid, ", ", " ' ' ") & " ' and Userpwd= ' "& replace(userpwd, " ' ", " ' ' ") & " ' " "

user是关键字,最好不要用它来做表名或者字段名...

sql语句大家看看哪里出错了多谢啊

热点推荐