第一次用参数做登录系统，有点蒙
先上代码
Login.aspx

C# code

 um.UserName = this.TextBox1.Text;            um.UserPwd = this.TextBox2.Text;            um.DepartMentName = this.DropDownList1.SelectedItem.Text;            if(ub.Login(um))            {                Response.Redirect("Admin.aspx");            }

逻辑层

C# code

 public bool Login(UserModel um)        {            return userdal.Login(um);        }

数据层

C# code

  public bool Login(UserModel um)         {             bool flag = false;             string sql = "select * from Users where UserName=@username and UserPwd=@userpwd and DepartMentName=@departmentname";             SqlParameter[] paras = new SqlParameter[]{              new SqlParameter("username",um.UserName),              new SqlParameter("userpwd",um.UserPwd),              new SqlParameter("departmentname",um.DepartMentName)             };             int res = sqlhelper.CheckLogin(sql, paras, CommandType.Text);             if (res > 0)             {                 flag = true;             }             return flag;         }

数据库助手

C# code

 public int CheckLogin(string CmdText, SqlParameter[] paras, CommandType ct)        {            int res;            using (cmd = new SqlCommand(CmdText, Getconn()))            {                cmd.CommandType = ct;                cmd.Parameters.AddRange(paras);                res = cmd.ExecuteNonQuery();            }            return res;        }

这种执行时错误的。。。。。有问题，我原来都是写到一起的
像这样的

C# code

 SqlConnection conn = new SqlConnection("server=.;uid=customer adm;pwd=6568986z;database=customer");            SqlCommand cmd = new SqlCommand();            cmd.Connection = conn;            cmd.CommandText = "select*from cdetials where uname='"+this.textBox1.Text+"'";---执行tsql语句，读取数据库中的信息            conn.Open();            SqlDataReader dr = cmd.ExecuteReader();---  SqlDataReader读取行的操作，ExecuteReader()执行读取            if (dr.HasRows)————读取第一个值，即第一个uname            {                dr.Read();————继续读下一条                if (this.textBox2.Text == dr["upwd"].ToString())                {                    Form2 f2 = new Form2();                    f2.Show();                    this.Visible = false;                }                                    else                    MessageBox.Show("密码错误!");            }            else                MessageBox.Show("账号错误!");            conn.Close();            

现在用三层和参数化也想实现上面那样逐条验证的效果，要怎么改啊。谢谢大家啦

[解决办法]

探讨

改了还是有错误，断点了一下res=-1， res = cmd.ExecuteNonQuery();这句话不对啊引用:
初始化参数时出错了，参数必须和前面一致，不能少@哦
string sql = "select * from Users where UserName=@username and UserPwd=@userpwd and DepartMentName=@dep……