作为一个良好的初步实践，尝试使用，让您持久参数来避免SQL注入。

试一下liek这样的：

 私人无效btnSignupNew_Click（对象发件人，EventArgs五）
 {

如果（txtUsername.Text ==）
 {
 errorUsername.SetError（txtUsername，输入用户名）; 
} 
，否则如果（txtPassword.Text ==）
 {
 errorPassword.SetError（txtPassword，输入有效的密码）; 
} 
，否则
 {
使用（SqlConnection的CON =新的SqlConnection（数据源=等））
 {
 con.Open（）; 

布尔存在= FALSE; 

 //创建一个命令来查询用户名的使用存在
（CMD的SqlCommand =新的SqlCommand（从SELECT COUNT（*）[用户]其中UserName = @UserName，CON） ）
 {
 cmd.Parameters.AddWithValue（用户名，txtUsername.Text）; 
存在=（INT）cmd.ExecuteScalar（）> 0; 
} 

 //如果存在，显示消息错误
如果（存在）
 errorPassword.SetError（txtUsername，这个用户名已经被使用由其他用户。 ）; 
，否则
 {
 //不存在，所以，坚持用用户
（CMD的SqlCommand =新的SqlCommand（INSERT INTO [用户]值（@Forname，@Surname ，@username，@Password），CON））
 {
 cmd.Parameters.AddWithValue（的forName，txtForname.Text）; 
 cmd.Parameters.AddWithValue（姓，txtSurname.Text）; 
 cmd.Parameters.AddWithValue（用户名，txtUsername.Text）; 
 cmd.Parameters.AddWithValue（密码，txtPassword.Text）; 

 cmd.ExecuteNonQuery（）; 
} 
} 

 con.Close（）; 
} 
} 
} 
 

i am trying to check against the database table "user" to see if the "username" exists so that the same username cannot be created again. I want this to be a validator so if the username exists the message box will show it exists.

Please guide me through this, i have the following code so far behind the button to add and check if username exists:

private void btnSignupNew_Click(object sender, EventArgs e)
        {

           if (txtUsername.Text == "")
           {
               errorUsername.SetError(txtUsername, "Enter A Username");
           }

           else if (txtPassword.Text == "")
           {
               errorPassword.SetError(txtPassword, "Enter A Valid Password");
           }

               //so if there isnt no error in the fields itll go on and add the data in to the database.
           else{

            //instance of sqlConnection
            SqlConnection con = new SqlConnection("Data Source=etc");

            //instance of sqlCommand
            SqlCommand cmd = new SqlCommand("INSERT INTO [User] values ('" + txtForename.Text + "', '" + txtSurname.Text + "', '" + txtUsername.Text + "', '" + txtPassword.Text + "' )", con);
            con.Open();
            cmd.ExecuteNonQuery();

            //query executed correcty or not
           con.Close();

As a good pratice, try to keep your persistence using Parameters to avoid SQL Injection.

Try something liek this:

private void btnSignupNew_Click(object sender, EventArgs e)
{

   if (txtUsername.Text == "")
   {
       errorUsername.SetError(txtUsername, "Enter A Username");
   }
   else if (txtPassword.Text == "")
   {
       errorPassword.SetError(txtPassword, "Enter A Valid Password");
   }
   else
   {
        using (SqlConnection con = new SqlConnection("Data Source=etc")) 
        {
            con.Open();

            bool exists = false;

            // create a command to check if the username exists
            using (SqlCommand cmd = new SqlCommand("select count(*) from [User] where UserName = @UserName", con))
            {
                cmd.Parameters.AddWithValue("UserName", txtUsername.Text);
                exists = (int)cmd.ExecuteScalar() > 0;
            }

            // if exists, show a message error
            if (exists)
                errorPassword.SetError(txtUsername, "This username has been using by another user.");
            else 
            {
                            // does not exists, so, persist the user
                using (SqlCommand cmd = new SqlCommand("INSERT INTO [User] values (@Forname, @Surname, @Username, @Password)", con))
                {
                    cmd.Parameters.AddWithValue("Forname", txtForname.Text);
                    cmd.Parameters.AddWithValue("Surname", txtSurname.Text);
                    cmd.Parameters.AddWithValue("UserName", txtUsername.Text);
                    cmd.Parameters.AddWithValue("Password", txtPassword.Text);

                    cmd.ExecuteNonQuery();
                }               
            }

            con.Close();
        }   
    }
}