c# 问题 sql..

135814048

var cn = new SqlConnection();
        cn.ConnectionString = @"Data Source=.;AttachDbFilename=C:\Users\Yoshimi\Documents\Visual Studio 2010\WebSites\WebSite1\App_Data\Database.mdf;Integrated Security=True;User Instance=True";
        cn.Open();

        var Ucheck = new SqlCommand();
        Ucheck.Connection = cn;
        Ucheck.CommandText = "SELECT username FROM member WHERE(username = '" +TextBoxUsername.Text+ "')";
        var dr = Ucheck.ExecuteReader();

        if (dr.HasRows)
        {
            cn.Close();
            Response.Write("sudah ada username");
        }
        else
        {
            cn.Close();
            cn.Open();
            var cmd = new SqlCommand();
            cmd.Connection = cn;
            cmd.CommandText = "INSERT INTO member(username,password,e_mail,fristname,lastname,gander,reg_date)VALUES('" + TextBoxUsername.Text + "','" + TextBoxPassword.Text + "','" + TextBoxEmail.Text + "','" + TextBoxFristname.Text + "','" + TextBoxLastName.Text + "','" + RadioButtonList1.SelectedItem + "','" + DateTime.Now + "')";
            cmd.ExecuteNonQuery();
            cn.Close();
        }

如果这样有什么问题吗？

还有怎样把sql connection 塞去class??不会弄=.='..