/// <summary>
/// Runs a COUNT(*) query against Users for the login literal and the current
/// <c>Passw</c> value, restricted to rows with status above zero, and stores
/// the result of <c>sql.Scalar</c> in <c>Status</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the query text is assembled by string concatenation, so
/// <c>sql.AddSlashes</c> is the only barrier between <c>Passw</c> and the SQL
/// parser. Escaping helpers are fragile; if the <c>sql</c> helper offers
/// bound parameters, this query should use them instead.
/// </remarks>
public void CheckLogin()
{
    // NOTE(review): the password value is compared directly with the passw
    // column. Whether it is hashed before it reaches this method is not
    // visible here; confirm that passwords are not stored in clear text.
    var escapedPassw = sql.AddSlashes(Passw);

    // NOTE(review): the login comparison uses the fixed literal '******' as
    // shown in this listing, which looks like a masked value. Confirm the
    // real query compares against the caller's login.
    var query = @"SELECT COUNT (*) FROM Users WHERE login = '******' AND passw = '"
        + escapedPassw
        + "' AND status > 0";

    Status = sql.Scalar(query);
}
/// <summary>
/// Checks the email, inserts a new row into Stories and stores the new row
/// id, as a string, in <c>Id</c>. On failure it sets <c>Error</c> and returns
/// without assigning <c>Id</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the INSERT statement is assembled by string concatenation,
/// with <c>sql.AddSlashes</c> applied to each value. That helper is defined
/// elsewhere. GETDATE() and SCOPE_IDENTITY() suggest SQL Server, where a
/// quote inside a literal is neutralised by doubling it; confirm the helper
/// does that rather than backslash-escaping. Prefer bound parameters if the
/// <c>sql</c> helper supports them.
/// </remarks>
public void Add()
{
    // Only the presence of '@' is checked; a null Email is treated as empty.
    // This is a sanity check, not a guarantee that the address is well formed.
    var email = Email ?? "";
    if (email.IndexOf('@') < 0)
    {
        Error = "Incorrect Email";
        return;
    }

    // Escape the values in the same order in which they appear in the statement.
    var escapedTitle = sql.AddSlashes(Title);
    var escapedStory = sql.AddSlashes(Story);
    var escapedEmail = sql.AddSlashes(Email);

    var statement = @"INSERT INTO Stories (title, story, email, post_date) VALUES (N'" + escapedTitle
        + "', N'" + escapedStory
        + "', '" + escapedEmail
        + "', GETDATE()); SELECT SCOPE_IDENTITY()";

    // The code treats -1 from sql.Insert as "insert failed".
    long insertedId = sql.Insert(statement);
    if (insertedId != -1)
    {
        Id = insertedId.ToString();
        return;
    }

    Error = "Could not insert record to database";
}