高手帮忙看看... - 编程论坛

关键字 'user' 附近有语法错误...不知道什么原因，请大家帮忙看看
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
using System.Web.Configuration;
using System.Security.Cryptography;//使用HashPasswordForStringInConfigFile()函数需要的命名空间

public partial class admin_admin_manager : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        Literal1.Visible = false;
    }

    protected void add_Click(object sender, EventArgs e)
    {

    }

    protected void ok_Click(object sender, EventArgs e)
    {
        string name = username.Text.ToString();
        string passwd = password.Text.ToString();
        if (Session["checkcode"] == null)
        {
            Literal1.Text = "系统错误，不能生成验证码";
            Literal1.Visible = true;
            return;
        }
        if (chkcode.Text == "")
        {
            Literal1.Text = "请输入验证码";
            Literal1.Visible = true;
            return;
        }
        if ((Session["checkcode"].ToString(), chkcode.Text, true) != 0)
        {
            Literal1.Text = "验证码错误，请输入正确的验证码";
            Literal1.Visible = true;
            return;
        }
        if (name == "" | passwd == "")
        {
            Literal1.Visible = true;
            Literal1.Text = "请输入用户名和密码！";
        }
        else
        {
            string settings = Convert.ToString(ConfigurationManager.ConnectionStrings["cangku"]);;
            SqlConnection connection = new SqlConnection(settings);
            connection.Open();
            string mysql = "select * from user where userID=" + "'" + name + "'" + "and userPW=" + "'" + passwd + "'";
            SqlCommand mycmd = new SqlCommand(mysql, connection);
            SqlDataReader mydr = mycmd.ExecuteReader();
            try
            {
                if (mydr.Read())
                {
                    //Session["UserName"] = mydr[0];    //把用户名写入Session对象
                    //Session["adminGrade"] = mydr[2];   //把权限写入Session对象
                    Response.Write("<script>alert('登陆成功')</script>");
                    string sUrl = "Default.aspx?id=" + username.Text;
                    Response.Redirect(sUrl);
                }
                else
                {
                    Literal1.Visible = true;
                    Literal1.Text = "用户名或密码错误！";

                }
            }
            catch
            {

            }
            finally
            {
                mydr.Close();
                connection.Close();
            }
        }
    }
    protected void clear_Click(object sender, EventArgs e)
    {
        username.Text = "";
        password.Text = "";
        chkcode.Text = "";
    }
    protected void ButtonNew_Click(object sender, EventArgs e)
    {
    }
}
用户代码未处理SqlException
关键字 'user' 附近有语法错误。