Question

SqlParameterCollection 仅接受非空的 SqlParameter 类型对象，不接受 String 对象

protected void Button1_Click(object sender, EventArgs e) { if ((authenticated(TextBox1.Text.Trim(), TextBox2.Text.Trim()))==true) { FormsAuthentication.SetAuthCookie(TextBox1.Text.Trim(), false); Response.Redirect(PathPrefix + "/ST_Default.aspx"); ShowMsg.Text = "welcome to loggin"; } public bool authenticated(string name, string pwd) { Authenticated =ST_PageBase.CheckUser(name,pwd); return Authenticated; }public static bool CheckUser(string name, string pwd) { bool authenticated=false; string ST_sqldb = System.Configuration.ConfigurationManager.AppSettings["connectionstring"]; SqlCommand ST_mycommand = new SqlCommand(); ST_mycommand.Connection = new SqlConnection(ST_sqldb); try { ST_mycommand.Connection.Open(); ST_mycommand.CommandText = "ST_ValidateUsers"; ST_mycommand.CommandType = CommandType.StoredProcedure; SqlParameter Name=new SqlParameter("@name", SqlDbType.VarChar,20); Name.Value=name; ST_mycommand.Parameters.Add(Name); SqlParameter password = new SqlParameter("@pwd", SqlDbType.VarChar,15); password.Value =pwd.Trim(); ST_mycommand.Parameters.Add(pwd); SqlParameter IsValid = new SqlParameter("@IsValid", SqlDbType.Int); IsValid.Direction=ParameterDirection.Output; ST_mycommand.Parameters.Add(IsValid); ST_mycommand.ExecuteNonQuery(); if ((Int32)IsValid.Value==1) { authenticated=true; } } catch (Exception ex) { throw (ex); } finally { ST_mycommand.Connection.Close(); } return authenticated; }

Answer 1

SqlParameterCollection的Add方法有4个重载方法，你可以使用其他重载方法。
还有一个AddWithValue方法，你可以直接添加参数名与参数值。例如：
ST_mycommand.Parameters.AddWithValue("name", name);