I want to select user but i cant get it . Here's my query
SqlCommand myCommand = new SqlCommand("Select * from Users where Email=" + UserEmailPass.Email + "And Password=" + UserEmailPass.Password, conn);
SqlDataReader Detailsreader = myCommand.ExecuteReader();
Is my query correct or not>? please help
Anonymous User
28-Nov-2014SqlCommand myCommand = new SqlCommand("Select * from Users where Email=@mail and Password@pass" , conn);
System.Data.SqlClient.SqlParameter par = new System.Data.SqlClient.SqlParameter("@mail", UserEmailPass.Email );
System.Data.SqlClient.SqlParameter par1 = new System.Data.SqlClient.SqlParameter("@pass", UserEmailPass.Password);
myCommand.Parameters.Add(par);
myCommand.Parameters.Add(par1);
SqlDataReader Detailsreader = myCommand.ExecuteReader();
DO NOT USE string concat!!!!