Parameterized query.

String query = "Select * from Member where username=?uname";
                MySqlCommand cmd = new MySqlCommand(query, conn);
                cmd.Parameters.Add("?uname",TextBox1.Text);
                MySqlDataReader print = cmd.ExecuteReader();
                bool read = print.Read();
                string password = print.GetString(2);

String query = "Select * from Member where username= ?userName";

MySqlCommand cmd = new MySqlCommand(query, conn);

cmd.Prepare();
cmd.Parameters.Add("?userName",  TextBox2.Text);

MySqlDataReader print = cmd.ExecuteReader();

bool read = print.Read();

string password = print.GetString(2);

Hello,

I am having trouble converting my "MySQL" statement to a prepared statement. here is the part of the code that i need help with.

How Do I make below statement a prepared statement and can actually read the result afterwards. this way everything works perfectly, except that its not a prepared statement.

Please help. This is a web application in ASP.net using C#.

Thank you in advance.

String query = "Select * from Member where username=\"" + TextBox2.Text + "\";";
                MySqlCommand cmd = new MySqlCommand(query, conn);
                MySqlDataReader print = cmd.ExecuteReader();
                bool read = print.Read();
                string password = print.GetString(2);

Regards, Roswell67