问个关于数据库操作的问题，请进
[问]请问下面两种方法哪种方法比较好？
第一个方法：
public bool GetLogin(string UserName, string Password)
{
try
{
StringBuilder sbSql = new StringBuilder();
sbSql.Append( " IF (SELECT Count( 'x ') FROM [User] WHERE UserName = @UserName AND Password = @Password) > = 1 ");
sbSql.Append( " BEGIN ");
sbSql.Append( " UPDATE [User] SET IsLogin = '1 ' WHERE UserName = @UserName; ");
sbSql.Append( " SELECT 1; ");
sbSql.Append( " END ");
sbSql.Append( " ELSE ");
sbSql.Append( " BEGIN ");
sbSql.Append( " SELECT 2; ");
sbSql.Append( " END ");
string strSql = sbSql.ToString();

Database db = DatabaseFactory.CreateDatabase();
DbCommand cmdSql = db.GetSqlStringCommand(strSql);
db.AddInParameter(cmdSql, "UserName ", DbType.String, UserName);
db.AddInParameter(cmdSql, "Password ", DbType.String, Password);

return Convert.ToInt32(db.ExecuteScalar(cmdSql)) == 1;
}
catch (Exception)
{
return false;
}
}
第二个方法：
public bool GetLogin(string UserName, string Password)
{

Database db = DatabaseFactory.CreateDatabase();
System.Data.SqlClient.SqlConnection conn = db.CreateConnection();

try
{
string strSelect = "SELECT Count( 'x ') FROM [User] WHERE UserName = @UserName AND Password = @Password ";

DbCommand cmdSelect = db.GetSqlStringCommand(strSelect);
db.AddInParameter(cmdSelect, "UserName ", DbType.String, UserName);
db.AddInParameter(cmdSelect, "Password ", DbType.String, Password);

conn.Open();
if (Convert.ToInt32(db.ExecuteScalar(cmdSelect)) != 0)
{
string strUpdate = "UPDATE [User] SET IsLogin = '1 ' WHERE UserName = @UserName ";
DbCommand cmdUpdate = db.GetSqlStringCommand(strUpdate);
db.AddInParameter(cmdUpdate, "UserName ", DbType.String, UserName);

return db.ExecuteNonQuery(cmdUpdate) > = 0;
}
else
{//用户不存在
return false;
}
}
catch (Exception)
{
return false;
}
finally
{
if (conn.State != ConnectionState.Closed)

conn.Close();
}
}

[解决办法]
第一种
[解决办法]
都不好；
考虑用存储过程吧
[解决办法]
我是用存储过程的！！