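// Caller: look up a WebUsers row by user name and e-mail with a parameterized query.
// Parameter placeholders must not be wrapped in quotes: '@uName' is an ordinary
// string literal to SQL Server, so the quoted form compared UserName with the text
// "@uName" and never used the bound values.
string sql = "Select * from WebUsers Where UserName = @uName AND Email = @eMail";

// This command only carries the parameters; TESTScalar builds the command it executes.
command = new SqlCommand();

SqlParameter sParameter = new SqlParameter("@uName", System.Data.SqlDbType.NVarChar);
sParameter.Value = uName;
command.Parameters.Add(sParameter);

sParameter = new SqlParameter("@eMail", System.Data.SqlDbType.NVarChar);
sParameter.Value = eMail;
command.Parameters.Add(sParameter);

// ExecuteScalar yields the first column of the first row, or null when no row
// matches (Convert.ToInt32(null) is 0).
// NOTE(review): with "Select *" the value depends on the table's column order -
// confirm the first column of WebUsers is numeric, or select an explicit column.
result = Convert.ToInt32(dal.TESTScalar(sql, command));

// In the DAL:

/// <summary>
/// Executes <paramref name="sql"/> on the DAL connection and returns the first
/// column of the first row of the result set.
/// </summary>
/// <param name="sql">Command text; values are referenced as @name placeholders, without quotes.</param>
/// <param name="sCommand">Carrier for the parameters to bind; a null carrier means no parameters.</param>
/// <returns>The scalar returned by ExecuteScalar (null when the result set is empty).</returns>
public object TESTScalar(string sql, SqlCommand sCommand)
{
    command = new SqlCommand(sql, connection);

    if (sCommand != null)
    {
        foreach (SqlParameter p in sCommand.Parameters)
        {
            // A SqlParameter can belong to only one command, so bind a copy.
            // Copying the declared SqlDbType keeps the caller's type instead of
            // letting AddWithValue infer one from the runtime value.
            SqlParameter copy = new SqlParameter(p.ParameterName, p.SqlDbType);
            copy.Size = p.Size;
            // A null Value would make the provider omit the parameter; send SQL NULL.
            copy.Value = p.Value ?? DBNull.Value;
            command.Parameters.Add(copy);
        }
    }

    // Only close the connection if this call opened it, and do so even when
    // ExecuteScalar throws, so a failed query does not leave it open.
    bool openedHere = connection.State != ConnectionState.Open;
    if (openedHere)
    {
        connection.Open();
    }

    try
    {
        return command.ExecuteScalar();
    }
    finally
    {
        if (openedHere)
        {
            connection.Close();
        }
    }
}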