C#asp.net SQL多条件查询数据 (从用户名---查询某一天时间)

             SqlConnection con2 = new SqlConnection("server=.;uid=sa;pwd=*****;database=sanjiang");
            con2.Open();

            string tools2 = "select * from zhongcan where 用户名='" + this.Label1.Text + "'  and 传入时段='" + DateTime.Now.ToString("yyyy-MM-dd") + "' ";


            SqlCommand cmd2= new SqlCommand(tools2, con2);
            SqlDataReader dr2 = cmd2.ExecuteReader();
            if (dr2.Read())
            {

                TextBox5.Text = "您于时间:" + dr2.GetString(dr2.GetOrdinal("时间")) + "  订购了: " + dr2.GetString(dr2.GetOrdinal("数量")) + "份早餐 ";


                Label8.Text = dr2.GetString(dr2.GetOrdinal("数量"));

            }

webform