C# - Unable to execute cmd.ExecuteReader()
Here is the code; I'm trying to retrieve the user name using emailid.

```csharp
// email is concatenated directly into the SQL text
string query = "select name from userdetails where emailid=" + email + ";";
connection.Open();
MySqlCommand cmd = new MySqlCommand(query, connection);
MySqlDataReader rd = cmd.ExecuteReader();
while (rd.Read())
{
    uname = (string)rd["emailid"];
    return uname;
}
```
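Parameterize the value to avoid SQL injection:

```csharp
// @email is a placeholder; the value is bound separately from the SQL text
string query = "select name from userdetails where emailid=@email";
MySqlCommand cmd = new MySqlCommand(query, connection);
cmd.Parameters.AddWithValue("@email", email);
```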
Try this code snippet:

```csharp
// requires: using System.Data; using MySql.Data.MySqlClient;
string connStr = "connection string here";
string sqlStatement = "select name from userdetails where emailid=@email";
using (MySqlConnection conn = new MySqlConnection(connStr))
{
    using (MySqlCommand comm = new MySqlCommand())
    {
        comm.Connection = conn;
        comm.CommandText = sqlStatement;
        comm.CommandType = CommandType.Text;
        comm.Parameters.AddWithValue("@email", email);
        try
        {
            conn.Open();
            MySqlDataReader rd = comm.ExecuteReader();
            // other code
        }
        catch (MySqlException e)
        {
            // do something with the exception
            // do not hide it
            // e.Message.ToString()
        }
    }
}
```
For proper coding:
- use a `using` statement for proper object disposal
- use a `try-catch` block to handle the exception
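
The following is an added example, not code from the original post or its answers: it uses Python's built-in `sqlite3` with an in-memory table as a stand-in for the MySQL database so it runs offline, and shows why the question's concatenated query fails to execute and why binding the value is the fix rather than just adding quotes. The function names, sample rows and the crafted input are constructed for illustration.

```python
import sqlite3

# Constructed input containing a quote character, used to compare the variants.
CRAFTED = "x' or '1'='1"

def make_db():
    # Constructed sample rows; table and column names follow the question.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table userdetails (name text, emailid text)")
    conn.executemany("insert into userdetails values (?, ?)",
                     [("Alice", "alice@example.com"), ("Bob", "bob@example.com")])
    return conn

def lookup_concat_unquoted(conn, email):
    # Same shape as the question's query: the value is pasted in with no quotes,
    # so the address is parsed as SQL tokens and the statement is rejected.
    query = "select name from userdetails where emailid=" + email + ";"
    return [row[0] for row in conn.execute(query)]

def lookup_concat_quoted(conn, email):
    # Adding quotes makes the statement parse, but the value is still part of
    # the SQL text, so a quote inside it changes the meaning of the query.
    query = "select name from userdetails where emailid='" + email + "';"
    return [row[0] for row in conn.execute(query)]

def lookup_param(conn, email):
    # Bound parameter, as in the answers: the value never becomes SQL text.
    query = "select name from userdetails where emailid=:email"
    return [row[0] for row in conn.execute(query, {"email": email})]

def try_lookup(fn, conn, email):
    # Return the rows, or the exception class name if the statement fails.
    try:
        return fn(conn, email)
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concat_unquoted, lookup_concat_quoted, lookup_param):
        for value in ("alice@example.com", CRAFTED):
            print(fn.__name__, repr(value), "->", try_lookup(fn, db, value))
```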