Ok, so it’s easy in VB, but I can’t figure it out in C#:
SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM tblUsers WHERE username = '" & username & "'", cn);
This throws
CS0019: Operator '&' cannot be applied to operands of type 'string' and 'string'
Googled it and can’t find an answer, help this newbie here please!
You’ve already got six (and counting) recommendations to use + instead of &. However, you’d be much better off in the long run to use a parameterized query instead of concatenating a variable directly into the SQL statement. By concatenating, especially if that’s user input, you are wide open for SQL injection attacks. By using parameters, you block SQL injection.
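The parameterized form this answer recommends, as an added example that is not part of the original answer. The connection string, the NVarChar(50) parameter type and the class and method names are assumptions; tblUsers and username come from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class UserLookup
{
    // Concatenated form from the question (with + instead of &). It is used
    // here only to print the SQL text it produces; it is never executed.
    public static string ConcatenatedSql(string username)
    {
        return "SELECT COUNT(*) FROM tblUsers WHERE username = '" + username + "'";
    }

    // Parameterized form: the SQL text is constant and the value is sent
    // separately, so the server never parses it as part of the statement.
    public static int CountUsers(SqlConnection cn, string username)
    {
        const string sql = "SELECT COUNT(*) FROM tblUsers WHERE username = @username";
        using (SqlCommand cmd = new SqlCommand(sql, cn))
        {
            // NVarChar(50) is an assumed column type and size; match your schema.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            return (int)cmd.ExecuteScalar(); // COUNT(*) comes back as int
        }
    }

    static void Main()
    {
        // Constructed input containing a quote character.
        string username = "o'brien";

        // In the concatenated text the quote ends the string literal early,
        // so the input has changed the structure of the statement.
        Console.WriteLine(ConcatenatedSql(username));

        // Placeholder connection string (assumption); replace with your own.
        string connectionString = "Server=localhost;Database=MyDb;Integrated Security=true;";
        using (SqlConnection cn = new SqlConnection(connectionString))
        {
            cn.Open();
            // The same input is handled as plain data by the parameterized query.
            Console.WriteLine(CountUsers(cn, username));
        }
    }
}
```

Passing the value through a typed parameter also removes the need to escape quotes by hand, which is where concatenated queries usually go wrong.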