0
SqlCommand command = new SqlCommand("SELECT Id FROM users WHERE Username=@Username AND Password=HASHBYTES('MD5', @Password)");
command.Parameters.AddWithValue("@Username", pieces[1]);
command.Parameters.AddWithValue("@Password", pieces[2]);

doesn't return correct result

SqlCommand command = new SqlCommand("SELECT Id FROM users WHERE Username=@Username AND Password=@Password");
command.Parameters.AddWithValue("@Username", pieces[1]);
command.Parameters.AddWithValue("@Password", pieces[2]);

returns correct result, however the data in mssql database has to be not coded

what am I doing wrong?

P.S.1 If I try to execute the first line in the manager, writing the appropriate data instead of @something like this

SELECT Id FROM users WHERE Username='test' AND Password=HASHBYTES('MD5', 'testpass')

then it's all good and I get a good result.

P.S.2 I am sure pieces[] bring correct data.

P.S.3 Maybe there is a way to check how the SqlCommand looks once with parameters added or other way to check why it is failing?

Edited by kolibrizas: added P.S.3

2
Contributors
2
Replies
3
Views
5 Years
Discussion Span
Last Post by kolibrizas
0

Do you need to cast the return value from the Hastable as a string, first (like pieces[1].ToString())?
Can you use a Dictionary<int, string> instead?

Edited by thines01: n/a

0

I did solve this myself, the problem being wrong base encoding, not the problem in my code itself. Can I delete this topic somehow?

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.