SqlCommand.Parameters.Add()方法
string strconn = "Data Source=xxx;user id=sa;pwd=;initial catalog=gltest";
SqlConnection Conn = new SqlConnection(strconn);
Conn.Open();
string sql = "insert into users(name,pwd) values (@name,@pwd)";
SqlCommand cmd = new SqlCommand(sql, Conn);
cmd.Parameters.Add(new SqlParameter("@name", SqlDbType.NVarChar, 50));
cmd.Parameters.Add(new SqlParameter("@pwd", SqlDbType.NVarChar, 50));
cmd.Parameters["@name"].Value = this.TextBox1.Text;
cmd.Parameters["@pwd"].Value = this.TextBox2.Text;
cmd.ExecuteNonQuery();
Conn.Close();
SqlConnection Conn = new SqlConnection(strconn);
Conn.Open();
string sql = "insert into users(name,pwd) values (@name,@pwd)";
SqlCommand cmd = new SqlCommand(sql, Conn);
cmd.Parameters.Add(new SqlParameter("@name", SqlDbType.NVarChar, 50));
cmd.Parameters.Add(new SqlParameter("@pwd", SqlDbType.NVarChar, 50));
cmd.Parameters["@name"].Value = this.TextBox1.Text;
cmd.Parameters["@pwd"].Value = this.TextBox2.Text;
cmd.ExecuteNonQuery();
Conn.Close();