/// <summary>

     /// 参数化查询预防SQL注入式攻击

     /// </summary>

     public int checkLogin(string loginName, string loginPwd)

     {

         string strsql = "select count(*) from tb_LoginUser where UserName=@UserName and PassWord=@PassWord";

         SqlConnection conn = new SqlConnection(ConfigurationManager.AppSettings["conStr"]);

         if (conn.State.Equals(ConnectionState.Closed))//存在，判断是否关闭

         {

             conn.Open();                             //连接处于关闭状态，重新打开

         }

         SqlCommand sqlcom = new SqlCommand(strsql, conn);

         sqlcom.Parameters.Add(new SqlParameter("@UserName", SqlDbType.NVarChar, ));

         sqlcom.Parameters["@UserName"].Value = loginName;

         sqlcom.Parameters.Add(new SqlParameter("@PassWord", SqlDbType.NVarChar, ));

         sqlcom.Parameters["@PassWord"].Value = loginPwd;

         int i = (int)sqlcom.ExecuteScalar();

         conn.Close();

         return i;

     }