select column name from table where field =@value

 cmd.parameters.add('@value', value);

SQL参数避免了sql注入问题.

SQL Parameters avoid the sql injection problem.

您只需要使用参数更改=条件.检查以上查询.

You just need to change the = condition with parameter. check above query.