asp.net 修改

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

public partial class update : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            string UserID = Request["id"];//id是当前行的用户名
            if (string.IsNullOrEmpty(UserID))
            {
                Response.Write("<script>window.location.href='query.aspx'</script>");
            }
            else
            {
                string sql = "select * from Users where UserID = "+UserID;
                DataTable dt = SQLHelper.ExecuteDataTable(sql);
                txtUserID.Text = dt.Rows[0]["UserID"].ToString();
                txtUserName.Text = dt.Rows[0]["UserName"].ToString();
                txtPwd.Text = dt.Rows[0]["pwd"].ToString();
                txtphone.Text = dt.Rows[0]["phone"].ToString();
                txtcardID.Text = dt.Rows[0]["cardID"].ToString();
            }            
        }
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        string userID = txtUserID.Text;
        string username = txtUserName.Text;
        string pwd = txtPwd.Text;
        string phone = txtphone.Text;
        string cardID = txtcardID.Text;     

        string s = "update Users set UserName=@UserName,pwd=@pwd,phone=@phone,cardID=@cardID where UserID=@UserID";
        SqlParameter[] p = { new SqlParameter("@UserName",username),
                                 new SqlParameter("@pwd",pwd),
                                 new SqlParameter("@phone",phone),
                                 new SqlParameter("@cardID",cardID),
                                 new SqlParameter("@UserID",userID),};
        int i = SQLHelper.NonExQuery(s, p);
        if (i == 1)
        {
            Response.Write("<script>alert('修改成功！');window.location='query.aspx';</script>");
        }
    }
}