ASP.NET 中简易的参数化查询

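 /// <summary>
 /// Click handler for the insert button: adds one row to <c>contactgroup</c>
 /// from the trimmed contents of the group-name and memo text boxes.
 /// </summary>
 /// <remarks>
 /// The statement text is a constant and both values are sent only as bound
 /// parameters (<c>@groupName</c>, <c>@memo</c>), so text-box content cannot
 /// alter the structure of the query. No exception is caught here: a database
 /// failure propagates to the page's error handling, which should be
 /// configured not to show provider details to the client.
 /// </remarks>
 /// <param name="sender">Control that raised the event (not used).</param>
 /// <param name="e">Event data (not used).</param>
 protected void btnInsert_Click(object sender, EventArgs e)
 {
     const string sql = "insert into contactgroup(groupname,memo) values(@groupName,@memo)";

     string groupName = txtGroupName.Text.Trim();
     string memo = txtMemo.Text.Trim();

     // NOTE(review): input is rejected only when BOTH fields are empty, so an
     // empty group name with a non-empty memo is still inserted. The message
     // and the focus on txtGroupName suggest the group name may be meant to be
     // required; confirm, and if so test groupName on its own.
     if (groupName.Length == 0 && memo.Length == 0)
     {
         Response.Write("输入不能为空!");
         txtGroupName.Focus();
         return;
     }

     // Both the connection and the command are disposed when the block exits,
     // including when ExecuteNonQuery throws.
     using (SqlConnection conn = new SqlConnection(DBHelper.ContactsConnstr))
     using (SqlCommand cmd = new SqlCommand(sql, conn))
     {
         // AddWithValue infers the SQL type and length from each value. Once
         // the column definitions are known, explicit SqlDbType + size is the
         // stricter choice (stable plans, length enforced before the server).
         cmd.Parameters.AddWithValue("@groupName", groupName);
         cmd.Parameters.AddWithValue("@memo", memo);

         conn.Open();

         // Only fixed literals are written to the response. If user input is
         // ever echoed here, HTML-encode it first.
         if (cmd.ExecuteNonQuery() > 0)
         {
             Response.Write("成功写入!");
         }
         else
         {
             Response.Write("写入失败!");
         }
     }
 }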
原文地址:https://www.cnblogs.com/fanling521/p/5362775.html