2 things:
1) a
con
object has been nowhere defined!
2) do not use string concatenation to build sql query. Intead of it, use parametrized queries.
For further details, please see:
SqlConnection Class (System.Data.SqlClient)[
^]
SqlCommand Constructor (String, SqlConnection) (System.Data.SqlClient)[
^]
SqlParameterCollection.Add Method (String, SqlDbType, Int32) (System.Data.SqlClient)[
^]
SQL Server connection strings - ConnectionStrings.com[
^]
string connectionString = "Your connection string here!";
string commandText = "SELECT * FROM YourTable WHERE Field1 = @param1 AND Field2 = @param2";
using (SqlConnection connection = new SqlConnection(connectionString))
{
SqlCommand command = new SqlCommand(commandText, connection);
command.Parameters.Add("@param1", SqlDbType.NVarChar, 50);
command.Parameters["@param1"].Value = "user1";
command.Parameters.Add("@param2", SqlDbType.NVarChar, 50);
command.Parameters["@param2"].Value = "password";
try
{
connection.Open();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}