You must enclose the string into single quotes:
"SELECT Name from Employee Where pass='"+password + "'"
If password contains a quote, then you must double it before using it. (On
many occasions, you can also use double quotes instead of single quotes but
this require an option to be set on the SQL-Server side and I'm not sure if
ADO.NET will take it.)
If you don't want to get mixed with single quote, two single quotes and
double quote, then the best way is to use a parameter:
"SELECT Name from Employee Where pass=@password "
Of course, in the later case, you must know how to use the parameters
collection of ADO.NET.
S. L.
"Lam" <ja**********@hotmail.com> wrote in message
news:u5**************@TK2MSFTNGP10.phx.gbl...
hi
I using C# to write a ASP.NET page
and I need to compare a string variable to a Char field in the SQL table
in
SQL Server 2000
how can I write a SQL statement to do that?\
I try to use "SELECT Name from Employee Where pass="+password
it shows me an "Invalid column name error"
How can I fix that ?
Thanks