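// Register a new user with a fully parameterized INSERT: every form value is bound
// as a SqlParameter, so none of it is ever parsed as SQL text.
// The statement is kept on one line because a regular C# string literal cannot
// span source lines.
// NOTE: the placeholder @REALNAEM is misspelled, but the Parameters.Add call below
// uses the same spelling, so it binds correctly. Rename both together or neither.
SqlCommand cmd = new SqlCommand(
    "insert into users(username,realname,password,sex,email,question,answer) values (@USERNAME,@REALNAEM,@PWD,@SEX,@EMAIL,@QUESTION,@ANSWER)",
    conn);

// Add the parameters to the command and assign their values.
// The @ID line stays commented out as a whole. When it was wrapped, its second half
// became a live int.Parse call that throws on an empty or non-numeric user id.
// cmd.Parameters.Add("@ID", SqlDbType.Int).Value = int.Parse(txtUserId.Text.Trim());
cmd.Parameters.Add("@USERNAME", SqlDbType.NVarChar).Value = txtUserName.Text.Trim();
cmd.Parameters.Add("@REALNAEM", SqlDbType.NVarChar).Value = txtRealName.Text.Trim();

// SECURITY: the password is bound as typed (after Trim), so it is stored in clear text.
// Parameterization stops SQL injection; it does not protect the credential at rest.
// Store a salted, slow hash instead (e.g. PBKDF2 via Rfc2898DeriveBytes) and update
// the login check to compare hashes. Trim() also silently strips leading and trailing
// whitespace from the password the user chose.
cmd.Parameters.Add("@PWD", SqlDbType.NVarChar).Value = txtPwd.Text.Trim();

// SelectedItem is null when nothing is selected; validate the form before this point.
cmd.Parameters.Add("@SEX", SqlDbType.NVarChar).Value = rblSex.SelectedItem.Text;
cmd.Parameters.Add("@EMAIL", SqlDbType.NVarChar).Value = txtEmail.Text.Trim();
cmd.Parameters.Add("@QUESTION", SqlDbType.NVarChar).Value = dplQuestion.SelectedItem.Text;

// SECURITY: the recovery answer is a password equivalent and is also stored in clear
// text here. Treat it like the password (normalize, then hash).
cmd.Parameters.Add("@ANSWER", SqlDbType.NVarChar).Value = txtAnswer.Text.Trim();

// ExecuteNonQuery returns the number of rows affected by the INSERT.
// cmd is IDisposable; dispose it (and the connection) once the result has been read.
int v = cmd.ExecuteNonQuery();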
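// Optional keyword filter. Only the fixed text " and NAME like @NAME" is appended to
// the SQL; the keyword itself travels as a parameter value and is never concatenated
// into the statement.
bool hasKeyWord = !string.IsNullOrEmpty(KeyWord);
if (hasKeyWord)
{
    strSql.Append(" and NAME like @NAME");
}

List<SqlParameter> ilistStr = new List<SqlParameter>
{
    new SqlParameter("@TYPEID", TYPEID)
};
if (hasKeyWord)
{
    // A parameter keeps the keyword out of the SQL text, but LIKE still interprets
    // %, _ and [ inside the value as wildcards. Escape them with T-SQL bracket syntax
    // so the keyword is matched literally. "[" must be replaced first, otherwise the
    // brackets added for % and _ would be escaped again.
    string likeLiteral = KeyWord
        .Replace("[", "[[]")
        .Replace("%", "[%]")
        .Replace("_", "[_]");

    // LIKE usage: the surrounding % wildcards belong to the parameter value, not the SQL text.
    ilistStr.Add(new SqlParameter("@NAME", "%" + likeLiteral + "%"));
}
SqlParameter[] parameters = ilistStr.ToArray();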