Member Avatar for kolibrizas 
SqlCommand command = new SqlCommand("SELECT Id FROM users WHERE Username=@Username AND Password=HASHBYTES('MD5', @Password)");
command.Parameters.AddWithValue("@Username", pieces[1]);
command.Parameters.AddWithValue("@Password", pieces[2]);

doesn't return correct result

SqlCommand command = new SqlCommand("SELECT Id FROM users WHERE Username=@Username AND Password=@Password");
command.Parameters.AddWithValue("@Username", pieces[1]);
command.Parameters.AddWithValue("@Password", pieces[2]);

returns correct result, however the data in mssql database has to be not coded

what am I doing wrong?

P.S.1 If I try to execute the first line in the manager, writing the appropriate data instead of @something like this

SELECT Id FROM users WHERE Username='test' AND Password=HASHBYTES('MD5', 'testpass')

then it's all good and I get a good result.

P.S.2 I am sure pieces[] bring correct data.

P.S.3 Maybe there is a way to check how the SqlCommand looks once with parameters added or other way to check why it is failing?

Edited by kolibrizas because: added P.S.3
  • 2 Contributors
  • 2 Replies
  • 181 Views
  • 9 Hours Discussion Span
  • Latest Post Latest Post by kolibrizas

Recommended Answers

All 2 Replies

Member Avatar for thines01

Do you need to cast the return value from the Hastable as a string, first (like pieces[1].ToString())?
Can you use a Dictionary<int, string> instead?

Edited by thines01 because: n/a
Member Avatar for kolibrizas

I did solve this myself, the problem being wrong base encoding, not the problem in my code itself. Can I delete this topic somehow?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.