I have this table in SQL Server:
CREATE TABLE Ciudadano (
ci int not null,
Nombre varchar(50),
Apellido varchar(50),
Correo varchar(50),
Usuario varchar(50),
Contrasena varchar(50),
Localidad_cod int,
Primary key (ci)
)
I'm trying to add data to the table Ciudadano from Visual Studio c#, using a stored procedure called sp_ConsultarCuenta:
CREATE PROCEDURE sp_ConsultarCuenta
#ci int, #nom varchar(50), #ape varchar(50), #user varchar(50),
#pass varchar(50), #correo varchar(50), #loc varchar(50)
AS
IF NOT EXISTS(SELECT ci,Usuario FROM Ciudadano
WHERE ci = #ci OR Usuario = #user)
DECLARE #var varchar(50)
SET #var = (SELECT cod From Localidad Where Nombre = #loc)
INSERT INTO Ciudadano (ci, Nombre, Apellido, Correo, Usuario, Contrasena, Localidad_cod)
VALUES (#ci, #nom, #ape, #user, #pass, #correo, #var)
And on my c# code I have this:
public void AgregarCiudadano()
{
string con = #"Data Source=(local);Initial Catalog=SistemaDeQuejas;Trusted_Connection=True";
SqlConnection conexion = new SqlConnection(con);
conexion.Open();
SqlDataAdapter Comando = new SqlDataAdapter();
Comando.InsertCommand = conexion.CreateCommand();
Comando.InsertCommand.CommandText = "sp_ConsultarCuenta";
Comando.InsertCommand.CommandType = CommandType.StoredProcedure;
Comando.InsertCommand.Connection = conexion;
Comando.InsertCommand.Parameters.Add("#ci", SqlDbType.Int).Value = System.Convert.ToInt32(ci);
Comando.InsertCommand.Parameters.Add("#nom", SqlDbType.VarChar, 50).Value = Nombre;
Comando.InsertCommand.Parameters.Add("#ape", SqlDbType.VarChar, 50).Value = Apellido;
Comando.InsertCommand.Parameters.Add("#user", SqlDbType.VarChar, 50).Value = Usuario;
Comando.InsertCommand.Parameters.Add("#pass", SqlDbType.VarChar, 50).Value = Contrasena;
Comando.InsertCommand.Parameters.Add("#correo", SqlDbType.VarChar, 50).Value = Correo;
Comando.InsertCommand.Parameters.Add("#loc", SqlDbType.VarChar, 50).Value = Localidad;
conexion.Close();
}
What I'm doing is a Web form, and that method is called by a button on the form. But when I run it and press the button it doesn't throw any error but the data I'm trying to insert into the database table is not inserting at all. Is there something wrong on my code?
cYou can do this to run your insert command in a simple way
using(var connection = new SqlConnection(connectionString))
{
connection.Open();
using (var command = new SqlCommand("sp_ConsultarCuenta", connection))
{
command.Parameters.AddWithValue("#Nombre", params.Nombre);
command.CommandType = CommandType.StoredProcedure;
command.ExecuteNonQuery();
}
connection.Close();
}
Related
I'm creating a page that inserts user information into a SQL server. I want to check to make sure that the database table doesn't already have the user EDIPI number in it and if it does not than it insert the new provided information. My error message is:
Procedure or function 'TestTableInsert' expects parameter '#EDIPI', which was not supplied.
My btnSaveSP_Click should allow the user to insert the information in to the database but I believe my Stored Procedure is wrong.
My Button Code:
protected void btnSaveSP_Click(object sender, EventArgs e)
{
string mainconn = ConfigurationManager.ConnectionStrings["myConnection"].ConnectionString;
SqlConnection sqlconn = new SqlConnection(mainconn);
sqlconn.Open();
SqlCommand sqlcomm = new SqlCommand();
SqlCommand sqlCmd = new SqlCommand("TestTableInsert", sqlconn);
sqlCmd.CommandType = CommandType.StoredProcedure;
sqlcomm.Parameters.Add("#EDIPI", SqlDbType.NVarChar, 50).Value = txtEDIPI.Text;
sqlcomm.Parameters.Add("#First", SqlDbType.NVarChar, 50).Value = txtFirstName.Text;
sqlCmd.ExecuteNonQuery();
sqlconn.Close();
}
My Stored Procedure code:
ALTER PROCEDURE [dbo].[TestTableInsert]
#EDIPI nvarchar(50),
#First nvarchar(50)
AS
BEGIN
IF NOT EXISTS (SELECT * FROM TestTable where EDIPI = #EDIPI)
BEGIN
INSERT INTO TestTable (EDIPI,First)
VALUES (#EDIPI, #First)
END
END
You need to change
sqlcomm.Parameters.Add("#EDIPI", SqlDbType.NVarChar, 50).Value = txtEDIPI.Text;
sqlcomm.Parameters.Add("#First", SqlDbType.NVarChar, 50).Value = txtFirstName.Text;
into
sqlCmd.Parameters.Add("#EDIPI", SqlDbType.NVarChar, 50).Value = txtEDIPI.Text;
sqlCmd.Parameters.Add("#First", SqlDbType.NVarChar, 50).Value = txtFirstName.Text;
Note that in the first you use sqlcomm while it should be sqlCmd
enter image description hereenter image description herei am facing a problem , i have posted the stored procedure,the c# code and the error that is occurring while inserting the data into the database. I need a solution of it
string dataString = #"Data Source=DESKTOP-E5V2JHG;Initial catalog=hospital_management;Integrated Security=SSPI";
SqlConnection connect = new SqlConnection(dataString);
connect.Open();
SqlCommand cmd = new SqlCommand("Add_doctor", connect);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("#FirstName", SqlDbType.VarChar).Value = textBox1.Text;
cmd.Parameters.Add("#LastName", SqlDbType.VarChar).Value = textBox2.Text;
cmd.Parameters.Add("#ContactNo", SqlDbType.Decimal).Value = Convert.ToDecimal(textBox3.Text);
cmd.Parameters.Add("#EmailId", SqlDbType.VarChar).Value = textBox4.Text;
cmd.Parameters.Add("#GenderId", SqlDbType.Int).Value = Convert.ToInt32(comboBox1.SelectedText);
cmd.Parameters.Add("#Nationality", SqlDbType.VarChar).Value = textBox5.Text;
cmd.Parameters.Add("#salary", SqlDbType.Int).Value = Convert.ToInt32(textBox7.Text);
cmd.Parameters.Add("#DOB", SqlDbType.DateTime2).Value = dateTimePicker1;
cmd.Parameters.Add("#shiftId", SqlDbType.Int).Value = Convert.ToInt32(comboBox3.SelectedText);
cmd.Parameters.Add("#qualification", SqlDbType.VarChar).Value = textBox9.Text;
cmd.Parameters.Add("#Address", SqlDbType.VarChar).Value = textBox10.Text;
cmd.Parameters.Add("#HireDate", SqlDbType.DateTime2).Value = dateTimePicker2;
cmd.Parameters.Add("#Pass", SqlDbType.VarChar).Value = textBox8.Text;
cmd.Parameters.Add("#Religion", SqlDbType.VarChar).Value = textBox6.Text;
cmd.Parameters.Add("#specId", SqlDbType.Int).Value = Convert.ToInt32(comboBox2.SelectedText);
cmd.ExecuteNonQuery();
MessageBox.Show("Command Executed");
connect.Close();
this is in c#
Create Proc AddDoctor
#EMPtypeID VARCHAR(50),
#FirstName VARCHAR(50),
#LastName VARCHAR(50),
#ContactNo INT,
#EmailId VARCHAR(50),
#GenderId INT,
#Nationality VARCHAR(50),
#salary INT,
#DOB DATETIME2,
#shiftID INT,
#qualification VARCHAR(50),
#Address VARCHAR(50),
#HireDate DATETIME2,
#Pass VARCHAR(50),
#Religion VARCHAR(50),
#specId INT
AS
BeGIN
insert into EMPLOYEES (_EMPtypeID,_FirstName,_LastName,_ContactNo,_EmailId,
_GenderId,_Nationality,_salary,_DOB,_ShiftId,_qualification,
_Address,_HireDate,_Password,_Religion,_specialityId)
values (#EMPtypeID,#FirstName,#LastName,#ContactNo,#EmailId,
#GenderId,#Nationality,#salary,#DOB,#shiftID,#qualification,
#Address,#HireDate,#Pass,#Religion,#specId);
END
this is the stored procedure in the database
In your DOB and HireDate is the problem.
Change this
cmd.Parameters.Add("#DOB", SqlDbType.DateTime2).Value = dateTimePicker1;
cmd.Parameters.Add("#HireDate", SqlDbType.DateTime2).Value = dateTimePicker2;
To this
cmd.Parameters.Add("#DOB", SqlDbType.DateTime2).Value = dateTimePicker1.Text.ToString();
cmd.Parameters.Add("#HireDate", SqlDbType.DateTime2).Value = dateTimePicker2.Text.ToString();
Because there is no input receiving in that 2 table, like an abstract figure of the date. So you need to make it a concrete string. Good for you SQL Server can accept the date in string format if it is in yyyy-mm-dd
I have an update stored procedure which works perfectly on my sql , yet when I try to update on my c# form it doesn't update , yet my code seems to be right , im not sure why cant I perform an update
this is my update stored procedure
sql script
USE [MediaPlayer]
GO
/* Object: StoredProcedure [dbo].[updateBooks] Script Date: 11/25/2013 07:51:33 */
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[updateBooks]
-- Add the parameters for the stored procedure here
#Name nvarchar (50),
#FileName nvarchar(50),
#FilePath nvarchar(50),
#FileSize float,
#DateAdded date,
#MediaLength nvarchar (50),
#MediaSubType nvarchar (50),
#MediaType nvarchar (50),
#Thumbnail image,
#DateAquired datetime,
#BooksName nvarchar (50),
#Publisher nvarchar(50),
#Author nvarchar(50),
#YearOfPublication date,
#Genre nvarchar (50),
#ISBN nvarchar (50),
#Synoposis nvarchar(max),
#SeriesTitle nvarchar(50),
#SeriesNumber nvarchar (50),
#BookCover image,
#GeneralID int output,
#BookID int output
AS
BEGIN
update dbo.Book
SET
BooksName=#BooksName,
Publisher=#Publisher,
Author =#Author,
[Year of publication] =#YearOfPublication,
Genre =#Genre,
ISBN=#ISBN,
Synoposis=#Synoposis,
[Series Title]= #SeriesTitle,
[Series Number] =#SeriesNumber,
[Book Cover] =#BookCover
from Book
Where BookID = #BookID
select ##ROWCOUNT
update dbo.General
SET
Name =#Name,
FileName= #FileName,
FilePath= #FilePath,
FileSize=#FileSize,
DateAdded= #DateAdded,
MediaLength =#MediaLength,
MediaSubType = #MediaSubType,
MediaType = #MediaType,
Thumbnail =#Thumbnail,
DateAquired= #DateAquired
where GeneralID = #GeneralID
END
C# code
private void DoUpdate()
{
try
{
string picLoc = "C:\\Users\\Dee\\Pictures\\PIC\\download.jpg";
try
{
byte[] img = null;
FileStream fs = new FileStream(picLoc, FileMode.Open, FileAccess.Read);
BinaryReader br = new BinaryReader(fs);
img = br.ReadBytes((int)fs.Length);
string connectionString = "Data Source=(local);Initial Catalog=MediaPlayer;Integrated Security=True";
using (SqlConnection conn = new SqlConnection(connectionString))
{
conn.Open();
SqlCommand cmd = new SqlCommand("dbo.updateBooks", conn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("#Name", SqlDbType.NVarChar).Value = NametextBox.Text.ToString();
cmd.Parameters.AddWithValue("#FileName", SqlDbType.NVarChar).Value = FileNametextBox.Text.ToString();
cmd.Parameters.AddWithValue("#FileSize", SqlDbType.Float).Value = Convert.ToDouble(fileSizetextBox.Text);
cmd.Parameters.AddWithValue("#FilePath", SqlDbType.NVarChar).Value = FilePathtextBox.Text.ToString();
cmd.Parameters.AddWithValue("#DateAdded", SqlDbType.Date).Value = DateAddeddateTimePicker.Text.ToString();
cmd.Parameters.AddWithValue("#MediaLength", SqlDbType.NVarChar).Value = MediaLengthtetextBox.Text.ToString();
cmd.Parameters.AddWithValue("#MediaSubType", SqlDbType.NVarChar).Value = MediaSubtypetextBox.Text.ToString();
cmd.Parameters.AddWithValue("#MediaType", SqlDbType.NVarChar).Value = MediaTypetextBox.Text.ToString();
cmd.Parameters.Add(new SqlParameter("#Thumbnail", img));
cmd.Parameters.AddWithValue("#DateAquired", SqlDbType.DateTime).Value = DateAquiredDatetimepicker.Text.ToString();
cmd.Parameters.AddWithValue("#Author", SqlDbType.NVarChar).Value = AuthortextBox.Text.ToString();
cmd.Parameters.AddWithValue("#Publisher", SqlDbType.NVarChar).Value = PublishertextBox.Text.ToString();
cmd.Parameters.AddWithValue("#BooksName", SqlDbType.NVarChar).Value = BooksNametextBox.Text.ToString();
cmd.Parameters.AddWithValue("#SeriesTitle", SqlDbType.Date).Value = SeriesTitletextBox.Text.ToString();
cmd.Parameters.AddWithValue("#SeriesNumber", SqlDbType.NVarChar).Value = SeriesNumberTextBox.Text.ToString();
cmd.Parameters.AddWithValue("#Genre", SqlDbType.NVarChar).Value = genretextBox.Text.ToString();
cmd.Parameters.AddWithValue("#Synoposis", SqlDbType.NVarChar).Value = SynoposistextBox.Text.ToString();
cmd.Parameters.AddWithValue("#YearOfPublication", SqlDbType.NVarChar).Value = YearOfPublicationdatetimepicker.Text.ToString();
cmd.Parameters.AddWithValue("#ISBN ", SqlDbType.NVarChar).Value = ISBNtextBox.Text.ToString();
cmd.Parameters.Add(new SqlParameter("#BookCover", img));
SqlParameter parm1 = new SqlParameter("#GeneralID", SqlDbType.Int);
parm1.Direction = ParameterDirection.Output;
cmd.Parameters.Add(parm1);
SqlParameter parm = new SqlParameter("#BookID", SqlDbType.Int);
parm.Direction = ParameterDirection.Output;
cmd.Parameters.Add(parm);
//cmd.ExecuteNonQuery();
MessageBox.Show(cmd.ExecuteNonQuery().ToString() + " record(s) Updated.");
// MessageBox.Show("record successfully updated!");
//clrtxtb();
conn.Close();
}
}
catch (SqlException ex)
{
MessageBox.Show(ex.Message);
}
catch (ArgumentException ex)
{
MessageBox.Show("error is " + ex.Message);
}
}
finally
{ }
}
enter code here
What about first uncommenting the line cmd.ExecuteNonQuery(); ?
hi have you tried something like this
SqlConnection sqlConnection = new SqlConnection();
SqlCommand sqlCommand = new SqlCommand();
sqlConnection.ConnectionString = "Data Source=SERVERNAME;Initial Catalog=DATABASENAME;Integrated Security=True";
sqlConnection.Open();
sqlCommand.Connection = sqlConnection;
sqlCommand.CommandType = CommandType.StoredProcedure;
sqlCommand.CommandText = "SPName";
sqlCommand.Parameters.Add("#param1", SqlDbType.VarChar).Value = value1;
sqlCommand.Parameters.Add("#param2", SqlDbType.VarChar).Value = value2;
sqlCommand.Parameters.Add("#Param3", SqlDbType.VarChar).Value = value3;
sqlCommand.ExecuteNonQuery();
The two WHERE clauses in stored procedures use the parameters #BookID and #GeneralID.
Because of this, both are supposed to contain a value when the stored procedure is called.
Instead, no value is passed to those parameters. Furthermore, both are declared as OUTPUT.
That's the reason why nothing is updated.
I have a stored procedure that returns a variable #result set to 1 or 0 (datatype bit). I am accessing it in my C# with the following code. Its throwing an error saying too many parameters.
protected void btnRegister_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.AppSettings["ConnectionString"]);
con.Open();
SqlCommand Cmd = new SqlCommand("usp_CheckEmailMobile", con);
Cmd.CommandType = CommandType.StoredProcedure;
Cmd.CommandText = "Registration";
Cmd.Parameters.AddWithValue("#Name", txtName.Text);
Cmd.Parameters.AddWithValue("#Email", txtEmailAddress.Text);
Cmd.Parameters.AddWithValue("#Password", txtPassword.Text);
Cmd.Parameters.AddWithValue("#CountryCode", ddlCountryCode.Text);
Cmd.Parameters.AddWithValue("#Mobile", txtMobileNumber.Text);
//Cmd.Parameters.Add("#Result", DbType.Boolean);
SqlParameter sqlParam = new SqlParameter("#Result", DbType.Boolean);
//sqlParam.ParameterName = "#Result";
//sqlParam.DbType = DbType.Boolean;
sqlParam.Direction = ParameterDirection.Output;
Cmd.Parameters.Add(sqlParam);
Cmd.ExecuteNonQuery();
con.Close();
Response.Write(Cmd.Parameters["#Result"].Value);
}
the stored procedure: (this I think is fine...) And please correct my CS code...
ALTER PROCEDURE [dbo].[usp_CheckEmailMobile](
#Name VARCHAR(50),
#Email NVARCHAR(50),
#Password NVARCHAR(50),
#CountryCode INT,
#Mobile VARCHAR(50),
#Result BIT OUTPUT)
AS
BEGIN
IF EXISTS (SELECT COUNT (*) FROM AUser WHERE [Email] = #Email AND [Mobile] = #Mobile)
Begin
Set #Result=0; --Email &/or Mobile does not exist in database
End
ELSE
Begin
--Insert the record & register the user
INSERT INTO [AUser] ([Name], [Email], [Password], [CountryCode], [Mobile]) VALUES (#Name, #Email, #Password, #CountryCode, #Mobile)
Set #Result=1;
End
END
you can try this code :
bool result=false;
SqlCommand scCommand = new SqlCommand("usp_CheckEmailMobile", sqlCon);
scCommand.CommandType = CommandType.StoredProcedure;
scCommand.Parameters.Add("#Name", SqlDbType.VarChar, 50).Value = txtName.Text;
scCommand.Parameters.Add("#Email", SqlDbType.NVarChar, 50).Value = txtEmailAddress.Text;
scCommand.Parameters.Add("#Password ", SqlDbType.NVarChar, 50).Value = txtPassword.Text;
scCommand.Parameters.Add("#CountryCode", SqlDbType.VarChar.50).Value =ddlCountryCode.SelectedText;
scCommand.Parameters.Add("#Mobile", SqlDbType.NVarChar, 50).Value = txtMobileNumber.Text;
scCommand.Parameters.Add("#Result ", SqlDbType.Bit).Direction = ParameterDirection.Output;
try
{
if (scCommand.Connection.State == ConnectionState.Closed)
{
scCommand.Connection.Open();
}
scCommand.ExecuteNonQuery();
result = Convert.ToBoolean(scCommand.Parameters["#Result"].Value);
}
catch (Exception)
{
}
finally
{
scCommand.Connection.Close();
Response.Write(result);
}
Why do you set:
Cmd.CommandText = "Registration";
this will replace your stored procedure name, so it won't call the stored procedure you indicated in:
SqlCommand Cmd = new SqlCommand("usp_CheckEmailMobile", con);
It can be useful to use a SQL profiler to debug that the SQL going "over the wire" is as expected.
I am trying to insert a parameter through an aspx page via text box. I set my parameters up, but evertime I executenonquery, the #Username shows up in the database instead of the actual value.
Below is my code. Can anyone shed a little insight?
This is the full code:
protected void btn_SubmitUserInfo_Click(object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection();
conn = new SqlConnection("Data Source=.\\SQLEXPRESS;AttachDbFilename=c:\\Documents and Settings\\xm\\My Documents\\Visual Studio 2010\\Projects\\CreateUser\\CreateUser\\App_Data\\UserInformation.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True; Integrated Security=SSPI");
//Open the connection outside of the try statement
conn.Open();
try
{
//Create a command for the stored procedure and tie it into the connection
SqlCommand cmd = new SqlCommand("InsertUserValues", conn);
//Set the command type so it know to execute the stored proc
cmd.CommandType = CommandType.StoredProcedure;
//Declare Parameters
SqlParameter #UserID = new SqlParameter("#UserID", System.Data.SqlDbType.Int);
#UserID.Direction = ParameterDirection.Input;
#UserID.Value = txtUserID.Text;
SqlParameter #UserName = new SqlParameter("#UserName", System.Data.SqlDbType.VarChar);
#UserName.Direction = ParameterDirection.Input;
#UserName.Value = txtUserName.Text;
SqlParameter #UserPassword = new SqlParameter("#UserPassword", System.Data.SqlDbType.VarChar);
#UserPassword.Direction = ParameterDirection.Input;
#UserPassword.Value = txtPassword.Text;
SqlParameter #FirstName = new SqlParameter("#FirstName", System.Data.SqlDbType.VarChar);
#FirstName.Direction = ParameterDirection.Input;
#FirstName.Value = txtFirstName.Text;
SqlParameter #LastName = new SqlParameter("#LastName", System.Data.SqlDbType.VarChar);
#LastName.Direction = ParameterDirection.Input;
#LastName.Value = txtLastName.Text;
SqlParameter #Address = new SqlParameter("#Address", System.Data.SqlDbType.VarChar);
#Address.Direction = ParameterDirection.Input;
#Address.Value = txtAddress.Text;
SqlParameter #AptNum = new SqlParameter("#AptNum", System.Data.SqlDbType.VarChar);
#AptNum.Direction = ParameterDirection.Input;
#AptNum.Value = txtAptNumber.Text;
SqlParameter #City = new SqlParameter("#City", System.Data.SqlDbType.VarChar);
#City.Direction = ParameterDirection.Input;
#City.Value = txtCity.Text;
SqlParameter #State = new SqlParameter("#State", System.Data.SqlDbType.VarChar);
#State.Direction = ParameterDirection.Input;
#State.Value = txtState.Text;
//SqlParameter #Zip = new SqlParameter("#Zip", System.Data.SqlDbType.Int);
//#Zip.Direction = ParameterDirection.Input;
//#Zip.Value = Convert.ToInt32(txtZip.Text);
//add new parameter command to object
cmd.Parameters.Add(#UserID);
cmd.Parameters.Add(#UserName);
cmd.Parameters.Add(#UserPassword);
cmd.Parameters.Add(#FirstName);
cmd.Parameters.Add(#LastName);
cmd.Parameters.Add(#Address);
cmd.Parameters.Add(#AptNum);
cmd.Parameters.Add(#City);
cmd.Parameters.Add(#State);
//cmd.Parameters.Add(#Zip);
//execute nonquery
cmd.ExecuteNonQuery();
}
finally
{
lblSucess.Text = "Your information has been submitted";
//Close the connection
if (conn != null)
{
conn.Close();
}
}
This is the stored Procedure:
ALTER PROCEDURE dbo.InsertUserValues
#UserID int,
#UserName varchar(50),
#UserPassword varchar(100),
#FirstName varchar(50),
#LastName varchar(50),
#Address varchar(50),
#AptNum varchar(50),
#City varchar(50),
#State varchar(50)
AS
INSERT INTO tb_User( user_Name, password, f_Name, l_Name, address, apt_Number, city, state)
VALUES ( '#UserName', '#UserPassword', '#FirstName', '#LastName', '#Address', '#AptNum', '#City', '#State')
You have your parameter quoted in your SQL statement. Remove the single quotes from around the parameters in your stored procedure definition. Quoting them treats them as literal strings instead of parameters to be replaced.
ALTER PROCEDURE dbo.InsertUserValues
#UserID int,
#UserName varchar(50),
#UserPassword varchar(100),
#FirstName varchar(50),
#LastName varchar(50),
#Address varchar(50),
#AptNum varchar(50),
#City varchar(50),
#State varchar(50)
AS
INSERT INTO tb_User( user_Name, password, f_Name, l_Name, address, apt_Number, city, state)
VALUES (#UserName, #UserPassword, #FirstName, #LastName, #Address, #AptNum, #City, #State)
Your parameter name is not correct - you shouldn't use # in the beginning of C# variables. It should be:
SqlParameter UserName = new SqlParameter("#UserName", System.Data.SqlDbType.VarChar);
UserName.Direction = ParameterDirection.Input;
UserName.Value = txtUserName.Text;
cmd.Parameters.Add(UserName);
I don't think it's the root of your problem but that's just something I noticed.
We need more code to see what's the problem