i have create a user login form it contains
DivisionName.dropdown
SubDivisionName.dropdown
UserName.text
Password.text
i want that when user logs in it must checked all the given fields in database if any of them does not match it gives error. i wrote the following code.
con.Open();
cmd = new SqlCommand("select Password from Login where UserName='" + UserName.Text + "' , DivisionName='"+DivisionName.SelectedValue+"', SubDivisionName='"+SubDivisionName.SelectedValue+"'", con);
dr = cmd.ExecuteReader();
if (!dr.Read())
{
Label1.Text = "Invalid Name or Password";
}
but it gives the error:
Incorrect syntax near ','.
please tell me what is the problem