Not getting any row data from database using c# asp.net.

Question

I can not get any row data from database using c# asp.net.I am trying to fetch one row data from my DB but it is not returning any row.I am using 3-tire architecture for this and i am explaining my code below.

index.aspx.cs:

protected void userLogin_Click(object sender, EventArgs e)
        {
            if (loginemail.Text.Trim().Length > 0 && loginpass.Text.Trim().Length >= 6)
            {
                objUserBO.email_id = loginemail.Text.Trim();
                objUserBO.password = loginpass.Text.Trim();
                DataTable dt= objUserBL.getUserDetails(objUserBO);
                Response.Write(dt.Rows.Count);
            }
        }

userBL.cs:

 public DataTable getUserDetails(userBO objUserBO)
        {
           userDL objUserDL = new userDL();
            try
            {
                DataTable dt = objUserDL.getUserDetails(objUserBO);
                return dt;
            }
            catch (Exception e)
            {
                throw e;
            }
        }

userDL.cs:

public DataTable getUserDetails(userBO objUserBO)
        {
            SqlConnection con = new SqlConnection(CmVar.convar);
            try
            {
                con.Open();
                DataTable dt = new DataTable();
                string sql = "SELECT  * from T_User_Master WHERE User_Email_ID= ' " + objUserBO.email_id + "'";
                SqlCommand cmd = new SqlCommand(sql, con);
                SqlDataAdapter objadp = new SqlDataAdapter(cmd);
                objadp.Fill(dt);
                con.Close();
                return dt;
            }
            catch(Exception e)
            {
                throw e;
            }
        }

When i am checking the output of Response.Write(dt.Rows.Count); ,it is showing 0 .So please help me to resolve this issue.

Answer 1

It looks like your your query string has a redundant space between ' and " mark. That might be causing all the trouble as your email gets space in front.

It is by all means better to add parameters to your query with use of SqlConnection.Parameters property.

string sql = "SELECT * from T_User_Master WHERE User_Email_ID=@userID";
SqlCommand cmd = new SqlCommand(sql, con);
cmd.Parameters.Add("@userID", SqlDbType.NVarChar);
cmd.Parameters["@userID"].Value = objUserBO.email_id;