ado.net中用参数化SQL语句【鸡蛋】

 1     public bool IsInsert(string userName, string password, string remark, string mail, int departId, int power) 2     { 3         string sql = "insert into S_Admin(UserName,Password,Remark,Mail,DepartId,Power)values(@UserName,@Password,@Remark,@Mail,@DepartId,@Power)"; 4         SqlConnection connection = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[""].ToString()); 5         SqlCommand command = new SqlCommand(sql, connection);         6         command.Parameters.Add("@UserName",SqlDbType.NVarChar, 60).Value = userName; 7         command.Parameters.Add("@Password", SqlDbType.NVarChar, 60).Value = password; 8         command.Parameters.Add("@Remark", SqlDbType.NVarChar, 60).Value = remark; 9         command.Parameters.Add("@Mail", SqlDbType.NVarChar, 60).Value = mail;10         command.Parameters.Add("@DepartId", SqlDbType.Int, 4).Value = departId;11         command.Parameters.Add("@Power", SqlDbType.Int, 4).Value = power;12         connection.Open();13         int rowsAffected = command.ExecuteNonQuery();14         connection.Close();15         command.Dispose();16         return rowsAffected > 0;17         18     }