SqlParameter 用法

方法1：

 string username = ...

 string password = ...

 string sql = "select * from Users where UserName=@username and PassWord=@password";

             SqlParameter[] parms= new SqlParameter[]

             { 

                 new SqlParameter("@username", username),

                 new SqlParameter("@password", password)

             };

DataSet dt = DBHelper.ExecuteDataQuery(sql, parms);

方法2：

 string username = ...

 string password = ...

 string sql = "select * from Users where UserName=@username and PassWord=@password";

 SqlParameter[] parms = {

                    new SqlParameter("@username", SqlDbType.NVarChar,100),

                    new SqlParameter("@password",SqlDbType.Int)};

            parameters[0].Value = username;

            parameters[1].Value = password;

DataSet dt = DBHelper.ExecuteDataQuery(sql, parms);