Passing function parameter to query
I am creating a class file which has a function of authenticating user. It connects to database and check password verification according to the username. But the variable I use as parameter which is "username"
how to pass that value to select query . code is as below.
public Boolean AuthenticateUser(string username, string password)
String ConStr = ("Data Source=localhost;Initial Catalog=test;user ID = sa ;Password = keyur");
String SQL = " SELECT Password from LoginInfo WHERE UserName = '" & username & "'
SqlConnection conn = new SqlConnection(ConStr);
SqlCommand cmd = new SqlCommand(SQL, conn);
String var = null;
var = (String)cmd.ExecuteScalar();