SqlCommand command = new SqlCommand("SELECT Id FROM users WHERE Username=@Username AND Password=HASHBYTES('MD5', @Password)");
command.Parameters.AddWithValue("@Username", pieces[1]);
command.Parameters.AddWithValue("@Password", pieces[2]);
doesn't return correct result
SqlCommand command = new SqlCommand("SELECT Id FROM users WHERE Username=@Username AND Password=@Password");
command.Parameters.AddWithValue("@Username", pieces[1]);
command.Parameters.AddWithValue("@Password", pieces[2]);
returns correct result, however the data in mssql database has to be not coded
what am I doing wrong?
P.S.1 If I try to execute the first line in the manager, writing the appropriate data instead of @something like this
SELECT Id FROM users WHERE Username='test' AND Password=HASHBYTES('MD5', 'testpass')
then it's all good and I get a good result.
P.S.2 I am sure pieces[] bring correct data.
P.S.3 Maybe there is a way to check how the SqlCommand looks once with parameters added or other way to check why it is failing?