Problem of SQL parameters (2 replies)

Hello everybody,
As I needed to know my user id to insert it in another table, I inserted this code in MySqlMembershipProvider.cs
Well, I should like to know why it works only if I replace parameters explicitly by their values, while this is supposedly automatic.
Another question could concern how to call it : MySqlMembershipProvider has public values, but the user is initialised in it when signing on, and then is released. After that you have to provide connection and parameters again. Anything I did not see ?

public string GetUserKey(string Username, string ApplicationName, string connectionString)
{
string strPKID = "";
using (MySqlConnection conn = new MySqlConnection(connectionString))
{
MySqlCommand cmd = new MySqlCommand("SELECT PKID, Username, Email, PasswordQuestion," +
" Comment, IsApproved, IsLockedOut, CreationDate, LastLoginDate," +
" LastActivityDate, LastPasswordChangedDate, LastLockedOutDate" +
" FROM `" + tableName + "` WHERE Username = ?Username AND ApplicationName = ?ApplicationName", conn);

cmd.Parameters.Add("?Username", MySqlDbType.VarChar, 255).Value = Username;
cmd.Parameters.Add("?ApplicationName", MySqlDbType.VarChar, 255).Value = ApplicationName;

conn.Open();
cmd.CommandText = cmd.CommandText.Replace("?Username", "'" + cmd.Parameters["?Username"].Value.ToString() + "'").Replace("?ApplicationName", "'" + cmd.Parameters["?ApplicationName"].Value.ToString() + "'");
using (MySqlDataReader reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
{
if (reader.HasRows)
{
reader.Read();
strPKID = reader.GetString(0);
reader.Close();
}
}
}
return (strPKID);

}