How to set SQL parameters

I tried this code to use SQL parameters, but it didn't work and didn't return any error. How can I fix it?

string sql = "SELECT * FROM "+mw.db_name+".ananmez_genel Where hasta_id='@hastaid'";

string connectionString = ConfigurationManager.ConnectionStrings["MYDBConnectionString"].ConnectionString;

using (MySqlConnection connect = new MySqlConnection(connectionString))
{
    using (MySqlCommand cmd = new MySqlCommand(sql, connect))
    {
        connect.Open();
        cmd.Parameters.AddWithValue("@hastaid",hasta_id);
        MySqlDataReader mdr;
        mdr = cmd.ExecuteReader();

        if (mdr.Read())
        {
            for (int i = 0; i < 20; i++)
            {
                arti = (i + 1).ToString();
                kontrol = mdr.GetString("c_" + arti);
                if (kontrol == "True")
                {
                    ananmezcheck.ananmez_gnlkontrol(i, check);
                }
            }
            yirmibir.Text = mdr.GetString("txt_1");
        }
        connect.Close();
    }
}

If I use it just like this, it works:

string sql = "SELECT * FROM "+mw.db_name+".ananmez_genel Where hasta_id='"+hastaid+"'";

So there is no problem in the database.

Jon Skeet

This part is the problem:

Where hasta_id='@hastaid'

That's not using a parameter - that's searching for rows where the value of hasta_id is exactly the string @hastaid, because you've put it in a string literal. You need to get rid of the quotes:

Where hasta_id=@hastaid

Then it's looking for rows where the value of hasta_id matches the value of the parameter @hastaid.
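
The corrected query as an added C# example (not part of the original question or of the answer above). It also checks the concatenated schema name, because identifiers cannot be passed as parameters. The names `AnanmezQuery`, `BuildSql`, `ReadTxt1` and `SafeIdentifier`, the `VarChar` parameter type and the schema-name pattern are assumptions made for illustration.

```csharp
using System;
using System.Text.RegularExpressions;
using MySql.Data.MySqlClient;

public static class AnanmezQuery   // hypothetical helper class
{
    // Schema and table names cannot be bound as parameters, so the
    // concatenated schema name is checked against a strict pattern first
    // (assumed naming rule: letters, digits, underscore, at most 64 chars).
    private static readonly Regex SafeIdentifier =
        new Regex(@"\A[A-Za-z0-9_]{1,64}\z", RegexOptions.CultureInvariant);

    public static string BuildSql(string dbName)
    {
        if (dbName == null || !SafeIdentifier.IsMatch(dbName))
            throw new ArgumentException("Unexpected schema name.", nameof(dbName));

        // No quotes around @hastaid: inside quotes it is just the
        // literal text "@hastaid" and the parameter is never used.
        return "SELECT * FROM `" + dbName + "`.ananmez_genel WHERE hasta_id = @hastaid";
    }

    // Returns the txt_1 column of the matching row, or null when no row matches.
    public static string ReadTxt1(string connectionString, string dbName, string hastaId)
    {
        using (var connect = new MySqlConnection(connectionString))
        using (var cmd = new MySqlCommand(BuildSql(dbName), connect))
        {
            // The connector binds the value as data (escaping it as needed),
            // so quotes or SQL keywords inside hastaId are never parsed as SQL,
            // unlike the string-concatenated version of the query.
            // VarChar is an assumption about the hasta_id column type.
            cmd.Parameters.Add("@hastaid", MySqlDbType.VarChar).Value = hastaId;
            connect.Open();
            using (MySqlDataReader mdr = cmd.ExecuteReader())
            {
                return mdr.Read() ? mdr.GetString("txt_1") : null;
            }
        }
    }
}
```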

See more on this question at Stackoverflow