create table abc(id int IDENTITY(1,1) NOT NULL,name nvarchar(100) ,sex nvarchar(10))insert into abc values(‘asf','男')insert into abc values(‘ai','女')

create procedure selbyid(@id int,@thename nvarchar(100) output)asselect @thename= name from abc where id=@id

public string connString = ConfigurationManager.ConnectionStrings["connStr"].ConnectionString;//存儲鏈接字符串，方便資源復用。public SqlConnection getcon( ){SqlConnection conn = new SqlConnection();conn.ConnectionString = connString;return conn;}private void btnsqlparauseing_Click(object sender, EventArgs e){SqlConnection con = getcon();con.Open();string sqlstr = "insert into abc values(@name,@sex)"; //免除sql注入攻擊SqlCommand cmd = new SqlCommand( );cmd.Connection = con;cmd.CommandText = sqlstr;SqlParameter para = new SqlParameter(); //聲明參數para= new SqlParameter("@name", SqlDbType.NVarChar,100);//生成一個名字為@Id的參數,必須以@開頭表示是添加的參數，并設置其類型長度，類型長度與數據庫中對應字段相同，但是不能超出數據庫字段大小的范圍，否則報錯。para.Value = txtname.Text.ToString().Trim(); //這個是輸入參數，所以可以賦值。cmd.Parameters.Add(para);            //參數增加到cmd中。para = new SqlParameter("@sex", SqlDbType.NVarChar, 10);para.Value = txtsex.Text.ToString().Trim();cmd.Parameters.Add(para);int i =cmd.ExecuteNonQuery(); //執行sql語句，并且返回影響的行數。MessageBox.Show(i.ToString() + "命令完成行受影響插入成功", "提示",MessageBoxButtons.OK,MessageBoxIcon.Information);con.Close();}

private void btnshuchu_Click(object sender, EventArgs e){SqlConnection con = getcon();con.Open();SqlCommand cmd = new SqlCommand();cmd.Connection = con;cmd.CommandText = "selbyid"; //存儲過程的名稱cmd.CommandType = CommandType.StoredProcedure; //說明是存儲過程SqlParameter para = new SqlParameter();     //聲明sqlparameter參數para = new SqlParameter("@id", SqlDbType.Int); //這個參數是輸入參數para.Value = int.Parse(txtid.Text.ToString().Trim()); //因為是輸入參數所以可以賦值cmd.Parameters.Add(para); //加入cmd中para=new SqlParameter("@thename",SqlDbType.NVarChar,100);//參數的大小可以小于數據庫的參數規定值，但不能夠大于數據庫的參數大小。cmd.Parameters.Add(para); //和下面一句不可掉亂，先增加再指明它是輸出參數來的。cmd.Parameters["@thename"].Direction = ParameterDirection.Output; //增加后，用output說明是輸出參數。int i=cmd.ExecuteNonQuery();string name = cmd.Parameters["@thename"].Value.ToString(); //經過執行，存儲過程返回了輸出參數。MessageBox.Show("命令完成 " + name + "是所查記錄", "提示", MessageBoxButtons.OK, MessageBoxIcon.Information);con.Close();}

private void btnothers_Click(object sender, EventArgs e){SqlConnection con = getcon();SqlCommand cmd = new SqlCommand();cmd.Connection = con;cmd.CommandText = "selbyid";cmd.CommandType = CommandType.StoredProcedure;SqlParameter para = new SqlParameter();cmd.Parameters.AddWithValue("@id", Convert.ToInt32(txtid.Text.Trim()));//輸入參數可以用addWithValue來格式化參數，但輸出參數只能用Addcmd.Parameters.Add("@thename", SqlDbType.NVarChar,100).Direction = ParameterDirection.Output; //和下面一句不可順序掉亂，否則會報錯，先加入cmd中再指明它是輸出參數來的。con.Open();int i = cmd.ExecuteNonQuery();string name = cmd.Parameters["@thename"].Value.ToString(); //輸出參數返回一個數值。MessageBox.Show("命令完成 " + name + "是所查記錄", "提示", MessageBoxButtons.OK, MessageBoxIcon.Information);con.Close();}

private void btnshuzu_Click(object sender, EventArgs e){SqlConnection con = getcon();SqlCommand cmd = new SqlCommand();cmd.Connection = con;cmd.CommandText = "selbyid";cmd.CommandType = CommandType.StoredProcedure;SqlParameter[] para = { new SqlParameter("@id", SqlDbType.Int)};para[0].Value = Convert.ToInt32(txtid.Text.ToString().Trim());cmd.Parameters.AddRange(para); //輸入參數和輸出參數分別加入到cmd.Parameter中。cmd.Parameters.Add("@thename",SqlDbType.NVarChar,100).Direction = ParameterDirection.Output; //和下面一句不可掉亂，先增加再指明它是輸出參數來的。   con.Open();int i = cmd.ExecuteNonQuery();string name = cmd.Parameters["@thename"].Value.ToString();MessageBox.Show("命令完成 " + name + "是所查記錄", "提示", MessageBoxButtons.OK, MessageBoxIcon.Information);con.Close();}