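/// <summary>
/// Checks a user name / password pair against the [User] table.
/// </summary>
/// <param name="userName">Login name, bound to the query as the @username parameter.</param>
/// <param name="passWord">Password supplied by the caller.</param>
/// <returns>
/// true only when a row exists for <paramref name="userName"/> and its stored
/// Password value equals <paramref name="passWord"/>; false in every other case.
/// </returns>
public bool ValidateUser(string userName, string passWord)
{
    // Fail closed on a missing credential instead of sending a null parameter to the server.
    if (userName == null || passWord == null)
    {
        return false;
    }

    string cnnString = ConfigurationSettings.AppSettings["ConnectionString"];
    object storedValue;

    // using guarantees the connection and command are released even when
    // Open() or ExecuteScalar() throws.
    using (SqlConnection connection = new SqlConnection(cnnString))
    using (SqlCommand command = new SqlCommand(
        "select Password From [User] where UserName=@username", connection))
    {
        // The user name is passed as a bound parameter, never concatenated into the SQL text.
        SqlParameter userNameParam = new SqlParameter();
        userNameParam.ParameterName = "@username";
        userNameParam.Value = userName;
        command.Parameters.Add(userNameParam);

        connection.Open();
        storedValue = command.ExecuteScalar();
    }

    // ExecuteScalar() returns null when no row matches and DBNull when the column is NULL.
    // Convert.ToString(object) turns both into "", so testing the converted string for null
    // never fires and an unknown user paired with an empty password would be accepted.
    // Test the raw result before converting.
    if (storedValue == null || storedValue == DBNull.Value)
    {
        return false;
    }

    // NOTE(review): the stored Password value is compared directly with the supplied password,
    // so the column holds the password as typed. Store a salted, slow hash (e.g. PBKDF2) and
    // compare it in constant time instead.
    string lookupPwd = Convert.ToString(storedValue);
    return lookupPwd == passWord;
}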
