大家帮我看看这个SQL语句怎么写啊,谢谢各位了!
CREATE PROCEDURE [dbo].[S_LoginUser]
@U_UserName varchar(50),
@U_PassWord varchar(20),
@UserID int OUTPUT,
@RoleID int OUTPUT
AS
select @UserID=U_ID,@RoleID=UserRoleID from dbo.Users
where U_UserName=@U_UserName and U_PassWord=@U_PassWord


IF @@Rowcount < 1
SELECT @UserID = -1


现在要在string _strSql= "sql语句 "
这个应该怎么写啊?

[解决办法]
string _strSql = "execute S_LoginUser ' "+UserName.ToString()+ " ', ' "+Password.ToString()+ " ', "+UserID.ToString()+ ", "+RoleID.ToString()+ " ";
[解决办法]
StringBuilder sb = new StringBuilder();
sb.Append( "CREATE PROCEDURE [dbo].[S_LoginUser] ");
...

string _strSql = sb.ToString();
[解决办法]
SqlConnection conn = new SqlConnection(strConn);
SqlCommand cmd = new SqlCommand();

cmd.Connection = conn;
cmd.CommandText = "select @UserID=U_ID,@RoleID=UserRoleID from dbo.Users where U_UserName=@U_UserName and U_PassWord=@U_PassWord ";

cmd.Parameters.Add(new SqlParameter( "@UserID ", SqlDbType.Int)).Direction = ParameterDirection.Output;
cmd.Parameters.Add(new SqlParameter( "@RoleID ", SqlDbType.Int)).Direction = ParameterDirection.Output;
cmd.Parameters.Add(new SqlParameter( "@U_UserName ", SqlDbType.VarChar, 50)).Value = "用户名的值 ";
cmd.Parameters.Add(new SqlParameter( "@U_PassWord ", SqlDbType.VarChar, 20)).Value = "密码的值 ";

try
{
conn.Open();
cmd.ExecuteNonQuery();

Response.Write( "companyName: " + cmd.Parameters[ "@UserID "].Value.ToString() + " <br> ");
Response.Write( "contactName: " + cmd.Parameters[ "@RoleID "].Value.ToString() + " <br> ");
}
catch
{

}
finally
{
conn.Close();
}