static void Main(string[] args) {//442048086191605,140454 aa("442048086191605'--", ""); } static void aa(string username, string pwd) { string sql = @"select * from boby_info where tid=@use and intBobyInfoID=@pwd"; SqlConnection conn = new SqlConnection("server=.;database=ManageDatas;uid=sa;pwd=sa;"); //SqlCommand cmd = new SqlCommand(); //cmd.Connection = conn; //cmd.CommandText = sql; //cmd.Parameters.Add("@use", SqlDbType.NVarChar, 20).Value = username; //cmd.Parameters.Add("@pwd", SqlDbType.NVarChar, 20).Value = pwd; //SqlDataAdapter sda = new SqlDataAdapter(cmd); SqlDataAdapter sda = new SqlDataAdapter(sql, conn); sda.SelectCommand.Parameters.Add("@use", SqlDbType.NVarChar, 20).Value = username; sda.SelectCommand.Parameters.Add("@pwd", SqlDbType.NVarChar, 20).Value = pwd; //sda.SelectCommand.Parameters["@use"].Value = username; //sda.SelectCommand.Parameters["@pwd"].Value = pwd; DataTable dt = new DataTable(); sda.Fill(dt); }