更新时间:2023-02-05 21:23:54
select column name from table where field =@value
cmd.parameters.add('@value', value);
SQL参数避免了sql注入问题.
SQL Parameters avoid the sql injection problem.
您只需要使用参数更改=条件.检查以上查询.
You just need to change the = condition with parameter. check above query.