SqlCommand cmd = new SqlCommand("insert into
users(username,realname,password,sex,email,question,answer) values
(@USERNAME,@REALNAEM,@PWD,@SEX,@EMAIL,@QUESTION,@ANSWER)",
conn);
           
//为command加入参数并赋值
           
//cmd.Parameters.Add("@ID", SqlDbType.Int).Value =
int.Parse(txtUserId.Text.Trim());
           
cmd.Parameters.Add("@USERNAME", SqlDbType.NVarChar).Value =
txtUserName.Text.Trim();
           
cmd.Parameters.Add("@REALNAEM", SqlDbType.NVarChar).Value =
txtRealName.Text.Trim();
           
cmd.Parameters.Add("@PWD", SqlDbType.NVarChar).Value =
txtPwd.Text.Trim();
           
cmd.Parameters.Add("@SEX", SqlDbType.NVarChar).Value =
rblSex.SelectedItem.Text;
           
cmd.Parameters.Add("@EMAIL", SqlDbType.NVarChar).Value =
txtEmail.Text.Trim();
           
cmd.Parameters.Add("@QUESTION", SqlDbType.NVarChar).Value =
dplQuestion.SelectedItem.Text;
           
cmd.Parameters.Add("@ANSWER", SqlDbType.NVarChar).Value =
txtAnswer.Text.Trim();
           
int v = cmd.ExecuteNonQuery();

if (!string.IsNullOrEmpty(KeyWord))
            {
                strSql.Append(" and NAME like @NAME");
            }
            List<SqlParameter> ilistStr = new List<SqlParameter>();
            ilistStr.Add(new SqlParameter("@TYPEID", TYPEID));
            if (!string.IsNullOrEmpty(KeyWord))
            {
                ilistStr.Add(new SqlParameter("@NAME", "%" + KeyWord + "%"));//Like的写法
            }
            SqlParameter[] parameters = ilistStr.ToArray();