// Open a connection using the "RegistrationConnectionString" entry from the application configuration.
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString);
conn.Open();
// REVIEW: two problems in the statement below.
//  1. "form" is a typo for "from"; it is what produces "Incorrect syntax near 'Userdata'".
//  2. TextBoxUN.Text is concatenated straight into the SQL text, so whatever the user types
//     becomes part of the statement (SQL injection). Bind the value as a parameter instead.
string checkUser = " select count(*) form Userdata where Username='" + TextBoxUN.Text + "' ";
SqlCommand cmd = new SqlCommand(checkUser,conn);

// temp is not declared in this excerpt; presumably it holds the ExecuteScalar() result from
// the line the poster quotes separately.
// REVIEW: == 1 does not match when more than one row already carries the name; > 0 covers both cases.
if (temp==1)
{
    Response.Write("User Already Exists");
}
// REVIEW: Close() is skipped whenever an exception is thrown above; wrapping the connection
// in a using block would release it on every path.
conn.Close();

System.Data.SqlClient.SqlException was unhandled by user code HResult=-2146232060 Message=Incorrect syntax near 'Userdata'

// Runs the command and converts the single value it returns to an int.
// Presumably the statement the SqlException was reported on: ExecuteScalar() is the call that
// sends the SQL text to the server, so a malformed query fails here and not where the string is built.
int temp= Convert.ToInt32(cmd.ExecuteScalar().ToString());
Soner Gönül
user3555689

1 Answer


The error message says:

Incorrect syntax near 'Userdata'

That tells you that the SQL parser gave up at the word Userdata because the syntax no longer made sense, which usually means that the actual error is just before that word.

If you look at that part of your query:

select count(*) form Userdata

The word right before Userdata is "form", which is not the keyword "from" that you intended to write.


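Side note (but an important one): The value that you concatenate into the query is not escaped, so the code is wide open to SQL injection attacks. You should use a parameter to put the value in the query; a parameter is sent to the server as data, separately from the SQL text, so its content is never parsed as part of the statement: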

// The SQL text is now a fixed string; @Username is a placeholder, not a spliced-in value.
string checkUser = "select count(*) from Userdata where Username = @Username";
SqlCommand cmd = new SqlCommand(checkUser,conn);
// The textbox content is bound as parameter data, so quotes or SQL keywords in it cannot
// change the statement that is executed.
// NOTE(review): AddWithValue infers the SQL type from the .NET value; an explicitly typed
// parameter matching the Username column (its type is not shown here) avoids implicit conversions.
cmd.Parameters.AddWithValue("@Username", TextBoxUN.Text);
Guffa