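// The placeholders must NOT be wrapped in single quotes. Inside quotes, '@uName' and
// '@eMail' are ordinary string literals, so the original query compared the columns with
// the literal text "@uName"/"@eMail" and ignored the bound parameter values entirely.
// Unquoted, the values travel as parameters and are never spliced into the SQL text,
// which is what keeps user-supplied input from altering the statement.
// (string.Format was dropped: it had no arguments to substitute.)
string sql = "Select * from WebUsers Where UserName = @uName AND Email = @eMail";

// This command object is only a carrier for the parameter list; TESTScalar builds the
// command it actually executes from `sql` plus these parameters.
command = new SqlCommand();

SqlParameter sParameter = new SqlParameter("@uName", System.Data.SqlDbType.NVarChar);
sParameter.Value = uName;
command.Parameters.Add(sParameter);

sParameter = new SqlParameter("@eMail", System.Data.SqlDbType.NVarChar);
sParameter.Value = eMail;
command.Parameters.Add(sParameter);

// ExecuteScalar returns the first column of the first row, or null when no row matches;
// Convert.ToInt32 maps that null to 0.
// NOTE(review): with "Select *" the first column depends on the table layout — confirm it
// is numeric, or select an explicit column / COUNT(*) instead.
result = Convert.ToInt32(dal.TESTScalar(sql, command));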
v DAL:
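/// <summary>
/// Executes <paramref name="sql"/> on the DAL's connection and returns the scalar result
/// (first column of the first row, or null when the result set is empty).
/// </summary>
/// <param name="sql">
/// SQL text containing named placeholders (e.g. <c>@uName</c>). The text is executed as
/// given, so values must be supplied through parameters and never concatenated into it.
/// </param>
/// <param name="sCommand">
/// Carrier for the parameters to bind; only its <c>Parameters</c> collection is read.
/// </param>
/// <returns>The value returned by <c>ExecuteScalar</c>.</returns>
public object TESTScalar(string sql, SqlCommand sCommand)
{
    command = new SqlCommand(sql, connection);

    // Copy name and value of each parameter onto the command that is actually executed.
    // NOTE(review): AddWithValue re-infers the SQL type from the value, so the SqlDbType
    // (and any size/direction) declared by the caller is not carried over — confirm that
    // is acceptable for all callers.
    foreach (SqlParameter p in sCommand.Parameters)
    {
        command.Parameters.AddWithValue(p.ParameterName, p.Value);
    }

    // The connection was opened by someone else: use it and leave it open.
    if (connection.State == ConnectionState.Open)
    {
        return command.ExecuteScalar();
    }

    // We open the connection here, so we are responsible for closing it. The finally
    // block guarantees that even when ExecuteScalar throws (bad SQL, timeout, ...);
    // previously an exception left the connection open.
    connection.Open();
    try
    {
        return command.ExecuteScalar();
    }
    finally
    {
        connection.Close();
    }
}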