string sql = string.Format("Select * from WebUsers Where UserName='@uName' AND

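// Placeholders must not be wrapped in quotes: '@uName' is a string literal, so the
// original query compared UserName against the text "@uName" (never a real user)
// instead of the bound parameter. Unquoted @uName / @eMail are filled in by the
// SqlParameters below, which keeps the user-supplied values out of the SQL text.
// string.Format had no arguments, so a plain literal is equivalent.
string sql = "Select * from WebUsers Where UserName = @uName AND Email = @eMail";
command = new SqlCommand();
// Declared as NVarChar so the parameter type does not depend on the runtime value.
command.Parameters.Add(new SqlParameter("@uName", System.Data.SqlDbType.NVarChar) { Value = uName });
command.Parameters.Add(new SqlParameter("@eMail", System.Data.SqlDbType.NVarChar) { Value = eMail });
// ExecuteScalar yields the first column of the first row; when no row matches it
// returns null and Convert.ToInt32(null) yields 0, so result == 0 means "no match"
// only if the first column is never legitimately 0 — presumably an id; verify against the schema.
result = Convert.ToInt32(dal.TESTScalar(sql, command));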
In DAL:
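/// <summary>
/// Executes <paramref name="sql"/> as a scalar query on this instance's connection,
/// copying the parameters of <paramref name="sCommand"/> onto a fresh command.
/// The new command is stored in the <c>command</c> field, as before.
/// </summary>
/// <param name="sql">Parameterised SQL text; placeholders such as @name must be unquoted.</param>
/// <param name="sCommand">Supplies the parameters (name, SqlDbType, Value); its own CommandText is ignored.</param>
/// <returns>The first column of the first row, or null when the result set is empty.</returns>
/// <exception cref="ArgumentNullException"><paramref name="sCommand"/> is null.</exception>
public object TESTScalar(string sql, SqlCommand sCommand)
{
    if (sCommand == null)
    {
        throw new ArgumentNullException(nameof(sCommand));
    }

    command = new SqlCommand(sql, connection);
    foreach (SqlParameter p in sCommand.Parameters)
    {
        // Keep the caller's declared SqlDbType; AddWithValue would re-infer the
        // type from the CLR value and silently drop what the caller chose.
        SqlParameter copy = new SqlParameter(p.ParameterName, p.SqlDbType);
        copy.Value = p.Value;
        command.Parameters.Add(copy);
    }

    // Only close what this call opened, and do so even if ExecuteScalar throws;
    // the previous version left the connection open on an exception.
    bool openedHere = connection.State != ConnectionState.Open;
    if (openedHere)
    {
        connection.Open();
    }

    try
    {
        return command.ExecuteScalar();
    }
    finally
    {
        if (openedHere)
        {
            connection.Close();
        }
    }
}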