0

我正在尝试通过SqlParameter.

但是查询没有被执行。

string strSQL = @"SELECT User_ID, Enabled 
              FROM User_Reg 
              WHERE Username = @paramUsername 
                AND CAST(Password AS varbinary(30)) = CAST(@paramPassword AS varbinary(30))";

objSqlCommand = new SqlCommand(strSQL, objSqlDbComm.SqlConnectionObject);
objSqlCommand.Parameters.AddWithValue("@paramUsername", txtUsername.Text);
objSqlCommand.Parameters.AddWithValue("@paramPassword", txtPassword.Text);

DataTable objDataTable = objSqlDbComm.ExecuteDataset(objSqlCommand).Tables[0];

objDataTable.Rows.Count计数为 0。

4

2 回答 2

0 
string strSQL = @"SELECT User_ID, Enabled FROM User_Reg WHERE Username = '"+txtUsername.Text+"'AND CAST(Password AS varbinary(30)) = CAST('"+txtPassword.Text+"' AS varbinary(30))";
objSqlCommand = new SqlCommand(strSQL, objSqlDbComm.SqlConnectionObject);
objSqlCommand.ExecuteNonQuery();
于 2013-04-24T07:44:59.290 回答
-1 
string Query = @"SELECT User_ID, Enabled FROM User_Reg WHERE Username = '"+txtUsername.Text+"'AND CAST(Password AS varbinary(30)) = CAST('"+txtPassword.Text+"' AS varbinary(30))";
objSqlCommand = new SqlCommand(Query, objSqlDbComm.SqlConnectionObject);
objSqlCommand.ExecuteNonQuery();
于 2013-04-24T11:29:42.800 回答