Error on sql database “Must declare the scalar var

2020-02-14 09:12发布

站内问答 / C#
614 2 6

I have a problem with my login system. I made a simple system which worked well, but I wanted to make it more advanced and display a different start page depending on a user's UserType. However, I'm encountering the following error: "Must declare the scalar variable @UserType."

using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

public partial class LoginwithEncryption : System.Web.UI.Page
{

    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["conStr"].ConnectionString);
        con.Open();
        SqlCommand cmd = new SqlCommand(
            "select * from dbo.UserInfo where Login =@Login and UserType=@UserType and Password=@Password and UserType=@UserType", con);
        cmd.Parameters.AddWithValue("@Login", txtUserName.Text);
        cmd.Parameters.AddWithValue("@Password", txtPWD.Text+".123");


        SqlDataAdapter da = new SqlDataAdapter(cmd);
        DataTable dt = new DataTable();
        da.Fill(dt);

        if (dt.Rows.Count > 0)
        {
            int usertype = Convert.ToInt32(dt.Rows[0]["UserType"]);


            if (usertype == 1)
            {
                Response.Redirect("StartPage.aspx");
            }
            else if (usertype == 2)
            {
                Response.Redirect("DiferentStartPage.aspx");
            }

        }
        else
        {
            ClientScript.RegisterStartupScript(Page.GetType(), "validation",
                "<script language='javascript'>alert('Invalid UserName and Password')</script>");
        }

    }
}

标签: c# asp.net sql
举报
2条回答
虎瘦雄心在
2楼-- · 2020-02-14 09:40

You have passed in @Login and @Password as parameters to your query, but you have not passed in @UserType as a parameter to your query.

查看更多
0人赞 添加讨论(0) 举报
够拽才男人
3楼-- · 2020-02-14 09:58

As the error states: Must declare the scalar variable "@UserType"

In other words, the SQL command has a parameter for @UserType, but there are no parameters declared in the parameters collection.

SqlCommand cmd = new SqlCommand(
"select * from dbo.UserInfo where Login =@Login and UserType=@UserType and Password=@Password and UserType=@UserType", con);
cmd.Parameters.AddWithValue("@Login", txtUserName.Text);
cmd.Parameters.AddWithValue("@Password", txtPWD.Text+".123");

Add another parameter for the @UserType parameter:

cmd.Parameters.AddWithValue("@UserType", "User Type");

Also, the SQL contains a duplicate reference to for @UserType:

select * from dbo.UserInfo 
where Login=@Login 
      and UserType=@UserType 
      and Password=@Password 
      and UserType=@UserType

Should probably be:

select * from dbo.UserInfo 
where Login=@Login 
      and Password=@Password
      and UserType=@UserType
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)