Reputation: 63
I'm new to SQL and Visual Studio etc., but I've changed something that isn't allowing me to log in to my application. Whenever I press the login button I get this error:
Incorrect syntax near the keyword 'from'
Here is where the source may be:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

namespace RockPaperApp
{
    public partial class WebForm1 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            // Already logged in: skip the login page.
            if (Session["New"] != null)
            {
                Response.Redirect("/Game.aspx");
            }
        }

        protected void RegButton_Press(object sender, EventArgs e)
        {
            Response.Redirect("/Register.aspx");
        }

        protected void LogButton_Press(object sender, EventArgs e)
        {
            string username = UsernameLogTxt.Text;
            try
            {
                string conn = ConfigurationManager.ConnectionStrings["UserConS"].ToString();
                // The query text that produces the "Incorrect syntax near the keyword 'from'" error.
                string CommandText = "pword from data Username=@username";
                using (SqlConnection connection = new SqlConnection(conn.ToString()))
                using (SqlCommand command = new SqlCommand(CommandText, connection))
                {
                    command.Parameters.AddWithValue("@username", username);
                    connection.Open();
                    using (SqlDataReader reader = command.ExecuteReader())
                    {
                        while (reader.Read())
                        {
                            string realpass = reader[0].ToString();
                            if (realpass != PasswordLogTxt.Text)
                            {
                                Response.Write("<span style='color:red'>A Wrong Username or Password has been entered.</span>");
                            }
                            else
                            {
                                Session["New"] = UsernameLogTxt.Text;
                                Response.Redirect("/Game.aspx");
                            }
                        }
                        if (!reader.HasRows)
                        {
                            Response.Write("No such username exists.");
                        }
                    }
                    connection.Close();
                }
            }
            catch (SqlException ex)
            {
                Response.Write(ex.Message);
            }
        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            Response.Redirect("Register.aspx");
        }
    }
}
Upvotes: 1
Views: 13555
Reputation: 219057
This isn't a valid SQL query:
"pword from data Username=@username"
Maybe you copied/pasted part of a query when you meant to copy/paste the whole thing? It doesn't even look like a valid part of a query, though.
The error is telling you that the problem is at keyword 'from' because that's the first thing it encounters after the error. For SQL errors, always look at the very last thing that was parsed before the location of the error; that last thing is what caused it. In this case the keyword 'pword' caused it, since that's not a valid keyword or identifier in SQL and the query parser couldn't make sense of it.
Side note: All too often on Stack Overflow we have to lecture developers, new and experienced alike, for SQL injection vulnerabilities. This is a rare chance where I get to personally commend you for taking the initiative to use parameterized queries despite your relatively new experience level. I'm genuinely impressed, please keep up the good work!
Another side note: Though, you are also storing passwords in plain text, which is a very very bad thing. It's better to hash the password and store the hash. Then when a user enters a password, hash what they enter and compare it against the stored hash. Once you get this working, I hope you address that as well :)
Upvotes: 2
Reputation: 43436
Your SQL needs to be: SELECT pword FROM data WHERE Username=@username
The capitalization of the keywords (SELECT, FROM, WHERE) doesn't matter.
Upvotes: 1
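The two answers above make two separate points: the query has to be a complete SELECT ... FROM ... WHERE statement (second answer), and the password column should hold a salted hash rather than the plain password (first answer's side note). The following is an added example written for this page, not code from the asker or from either answer. It keeps the asker's parameterized style and the corrected query from the second answer, and assumes two hypothetical columns, PwHash and PwSalt, in place of the plain pword column; those column names, the table name data and the Username column are the only schema assumptions. The Main method runs offline with a constructed in-memory hash and does not need a database.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginExample
{
    // The corrected query from the second answer, as it would be used against
    // the asker's existing plain-text pword column (shown for reference only).
    public const string SelectPasswordSql =
        "SELECT pword FROM data WHERE Username=@username";

    // Hashed-storage variant. PwHash and PwSalt are assumed varbinary columns
    // that are NOT on the original page; they replace the plain pword column.
    public const string SelectHashSql =
        "SELECT PwHash, PwSalt FROM data WHERE Username=@username";

    private const int Iterations = 100000; // PBKDF2 work factor
    private const int SaltBytes = 16;
    private const int HashBytes = 32;

    // Random per-user salt, generated once at registration time.
    public static byte[] NewSalt()
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
        return salt;
    }

    // PBKDF2-HMAC-SHA256 of the password; store this instead of the password.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
        {
            return kdf.GetBytes(HashBytes);
        }
    }

    // Compare every byte regardless of where the first mismatch is, so the
    // comparison time does not reveal how much of the hash matched.
    public static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++)
        {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    // Hash the candidate the user typed and compare it with the stored hash.
    public static bool VerifyPassword(string candidate, byte[] storedHash, byte[] storedSalt)
    {
        return FixedTimeEquals(HashPassword(candidate, storedSalt), storedHash);
    }

    // Database-backed login. Returns null when no such username exists,
    // true/false for a correct/incorrect password. Requires a real connection.
    public static bool? Login(string connectionString, string username, string candidate)
    {
        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(SelectHashSql, connection))
        {
            // Typed parameter: the user's input is never spliced into the SQL text.
            command.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            connection.Open();
            using (var reader = command.ExecuteReader())
            {
                if (!reader.Read()) return null;
                var hash = (byte[])reader[0];
                var salt = (byte[])reader[1];
                return VerifyPassword(candidate, hash, salt);
            }
        }
    }

    public static void Main()
    {
        // Constructed offline demo: what the registration page would store
        // for a user, followed by two login attempts against that record.
        byte[] salt = NewSalt();
        byte[] stored = HashPassword("correct horse battery staple", salt);
        Console.WriteLine(VerifyPassword("correct horse battery staple", stored, salt));
        Console.WriteLine(VerifyPassword("wrong password", stored, salt));
    }
}
```

Login returns three distinct outcomes because the asker's page prints different messages for "no such username" and "wrong password"; in a production login the caller should collapse both into the same generic message, since telling a client which usernames exist makes guessing accounts easier. Rfc2898DeriveBytes with a HashAlgorithmName argument is available on .NET Framework 4.7.2 and later and on .NET Core; on older frameworks the three-argument overload (SHA-1) is the one that exists.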