
I am working with C# (Visual Studio 2012 Professional) and MySQL. I am trying to create a login form where a user needs to enter a username and password:

    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Drawing;
    using System.Linq;
    using System.Text;
    using System.Threading.Tasks;
    using System.Windows.Forms;
    using MySql.Data.MySqlClient;


    namespace Dark_Heresy
    {
        /// <summary>
        /// Windows Forms login dialog. On button click it counts the rows in
        /// dark_heresy.users that match the entered username and password and opens
        /// the Menu form when exactly one row matches.
        /// </summary>
        public partial class Login_Menu : Form
        {
            // Not referenced anywhere in this part of the partial class; the click handler
            // below opens its own connection instead.
            private MySqlConnection connection = new MySqlConnection();
            /// <summary>
            /// Builds the designer-generated controls and masks the password box.
            /// </summary>
            public Login_Menu()
            {
                InitializeComponent();
                // Masks what is typed on screen only; the Text value is still the clear password.
                TextPassword.PasswordChar = '*';
            }

            /// <summary>
            /// Load event handler; intentionally empty.
            /// </summary>
            private void Form1_Load(object sender, EventArgs e)
            {

            }

            /// <summary>
            /// Checks the entered credentials against dark_heresy.users and either opens the
            /// Menu form or shows a message box describing why the login was refused.
            /// </summary>
            /// <param name="sender">Control that raised the click event.</param>
            /// <param name="e">Event data (unused).</param>
            private void btn_Login_Click(object sender, EventArgs e)
            {
                try
                {
                // NOTE(review): the MySQL root account and its password are hard-coded in the client.
                // Anyone who can read the binary or the source can read them; use a dedicated
                // least-privilege account and load the credentials from protected configuration.
                string connectionString = "datasource = localhost; port = 3306; username = root; password = Mypass;";
                using(MySqlConnection myConn = new MySqlConnection(connectionString))
                 using(MySqlCommand selectCommand = new MySqlCommand())
                    {
                    // Placeholders keep the user input out of the SQL text (no string concatenation).
                    // NOTE(review): the submitted password is compared directly with password_, which
                    // implies the column holds the password as typed — confirm, and store a salted
                    // slow hash instead.
                    selectCommand.CommandText = ("SELECT COUNT(1) FROM dark_heresy.users WHERE users_=@User and password_=@Password;");
                    selectCommand.Connection = myConn;
                    // NOTE(review): the argument here is an assignment expression, which evaluates to the
                    // assigned string. Add therefore receives a string rather than a MySqlParameter and
                    // throws "Only MySqlParameter objects may be stored"; the parameter object is discarded.
                    selectCommand.Parameters.Add(new MySqlParameter("User", MySqlDbType.VarChar).Value = TextUserName.Text);
                    selectCommand.Parameters.Add(new MySqlParameter("Password", MySqlDbType.VarChar).Value = TextPassword.Text);
                    myConn.Open();
                    // COUNT(1) yields a single scalar: the number of matching rows.
                    var ret = selectCommand.ExecuteScalar();
                    var count = Convert.ToInt32(ret);
                    if (count == 1)
                         {                  
                            // Exactly one matching account: hide the login form and show the menu modally.
                            this.Hide();
                            Menu mn = new Menu();
                            mn.ShowDialog();
                         }
                    else if (count > 1)
                         {
                            // More than one row with the same username/password pair is treated as a refusal.
                            MessageBox.Show("Duplication of Username and Password... Access Denied");
                         }
                    else
                         {
                            // Same message for unknown user and wrong password, so the dialog does not
                            // reveal which of the two was wrong.
                            MessageBox.Show("Incorrect Username and/or Password");
                         }
                    }


                }
                  catch (Exception exp)
                         {
                    // NOTE(review): concatenating exp calls ToString(), so the user sees the exception
                    // type, message and stack trace. Log the details and show a generic error instead.
                    MessageBox.Show("Error: \r\n" + exp); 
                          }

                }
            }
        }

I don't get any syntax errors, but when I run this code I receive this error:

MySql.Data.MySqlClient.MySqlException(0x80004005):
Only MySqlParameter objects may be stored at MySql.Data.MySqlClient.MySqlParameterCollection.Add(Object value)
at Dark_Heresy.Login_Menu.btn_Login_Click(Object sender, EventArgs e)  

I know that for security reasons it is a better idea to use the mysql.user table instead of the dark_heresy.users table for the user check, but right now this is for testing purposes. What is wrong with the code? It says there is an error in line 39.

PuchuKing33

1 Answer


I think your parameter syntax is wrong.

The = operator does not only assign; the assignment expression also returns the right-hand value. That is why:

new MySqlParameter("User", MySqlDbType.VarChar).Value = TextUserName.Text;

this expression evaluates to TextUserName.Text, so the call you actually make is:

selectCommand.Parameters.Add(TextUserName.Text);

The right syntax seems to be:

// Add(name, type) creates the MySqlParameter, stores it in the collection and returns it,
// so .Value is set on the stored parameter and the user input is sent as bound data, not as SQL text.
selectCommand.Parameters.Add("@User", MySqlDbType.VarChar).Value = TextUserName.Text;
selectCommand.Parameters.Add("@Password", MySqlDbType.VarChar).Value = TextPassword.Text;

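And please, don't store your passwords as plain text. Store a salted hash produced by a slow password-hashing function (for example PBKDF2, bcrypt or Argon2) and verify the submitted password against that hash.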

Read: Best way to store password in database

Soner Gönül
  • I will have a look into it. As I described earlier, this is only for testing purposes; after that I will handle the security – PuchuKing33 Nov 25 '14 at 11:17