How to set sql parameters

I tried this code to use SQL parameters, but it didn't work and didn't return any error. How can I fix it?

string sql = "SELECT * FROM "+mw.db_name+".ananmez_genel Where hasta_id='@hastaid'";

string connectionString = ConfigurationManager.ConnectionStrings["MYDBConnectionString"].ConnectionString;

using (MySqlConnection connect = new MySqlConnection(connectionString))
using (MySqlCommand cmd = new MySqlCommand(sql, connect))
{
    connect.Open();
    // Supply the value for the @hastaid parameter
    cmd.Parameters.AddWithValue("@hastaid", hastaid);
    MySqlDataReader mdr;
    mdr = cmd.ExecuteReader();

    if (mdr.Read())
    {
        // Columns c_1 .. c_20 hold "True"/"False" flags
        for (int i = 0; i < 20; i++)
        {
            arti = (i + 1).ToString();
            kontrol = mdr.GetString("c_" + arti);
            if (kontrol == "True")
                ananmezcheck.ananmez_gnlkontrol(i, check);
        }
        yirmibir.Text = mdr.GetString("txt_1");
    }
}

If I use it just like this, it works:

string sql = "SELECT * FROM "+mw.db_name+".ananmez_genel Where hasta_id='"+hastaid+"'";

so there is no problem in the database.

Jon Skeet

This part is the problem:

Where hasta_id='@hastaid'

That's not using a parameter - that's searching for rows where the value of hasta_id is exactly the string @hastaid, because you've put it in a string literal. You need to get rid of the quotes:

Where hasta_id=@hastaid

Then it's looking for rows where the value of hasta_id matches the value of the parameter @hastaid.
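
The corrected query as a complete method, added here as an example and not taken from the question or the answer. The class and method names are hypothetical, `hasta_id` is assumed to be a string column, and the pattern check on the database name is an added assumption: an identifier cannot be bound as a parameter, so it is validated before being concatenated, while the `hasta_id` value stays out of the SQL text entirely.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
using MySql.Data.MySqlClient;

static class AnanmezQuery   // hypothetical name, not from the original post
{
    // Identifiers cannot be bound as parameters, so the schema name is
    // checked against a strict pattern before it is placed in the SQL text.
    static readonly Regex SafeIdentifier = new Regex(@"\A[A-Za-z0-9_]{1,64}\z");

    // Returns c_1..c_20 and txt_1 for one hasta_id, or null when no row matches.
    public static Dictionary<string, string> Load(
        string connectionString, string dbName, string hastaid)
    {
        if (!SafeIdentifier.IsMatch(dbName))
            throw new ArgumentException("Unexpected database name", nameof(dbName));

        // @hastaid is NOT wrapped in quotes: quoted, it would be the literal
        // string "@hastaid" and the query would silently match no rows.
        string sql = "SELECT * FROM `" + dbName +
                     "`.ananmez_genel WHERE hasta_id = @hastaid";

        using (var connect = new MySqlConnection(connectionString))
        using (var cmd = new MySqlCommand(sql, connect))
        {
            // Assumption: hasta_id is a string column; pick the matching
            // MySqlDbType if it is numeric.
            cmd.Parameters.Add("@hastaid", MySqlDbType.VarChar).Value = hastaid;
            connect.Open();

            using (MySqlDataReader mdr = cmd.ExecuteReader())
            {
                if (!mdr.Read())
                    return null;   // lets the caller tell "not found" apart

                var row = new Dictionary<string, string>();
                for (int i = 1; i <= 20; i++)
                    row["c_" + i] = mdr.GetString("c_" + i);
                row["txt_1"] = mdr.GetString("txt_1");
                return row;
            }
        }
    }
}
```

Because the value is bound rather than concatenated, a `hastaid` containing a quote character is compared as data and cannot change the statement.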


See more on this question at Stackoverflow