
SQL injection against CosmosDB in Azure Functions

Updated: 2023-02-14 08:16:49

When the binding occurs (the data from the HTTP trigger gets sent to the Cosmos DB input binding), it is passed through a SQLParameterCollection that will handle sanitization.

Please take a look at this article:

Parameterized SQL provides robust handling and escaping of user input, preventing accidental exposure of data through "SQL injection".

This will cover any attempt to inject SQL through the name property.
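As an added example (not part of the original answer, and not code from the Azure Functions extension itself), the following contrasts a query built by string concatenation with the parameterized form that the Cosmos DB input binding produces. The attacker input, the binding names (`req`, `item`, `res`), the route `items/{name}`, the database and container names and the `CosmosConnection` app setting are all constructed for illustration; the binding property names assume the v3 Cosmos DB extension (v4 renamed `collectionName` to `containerName` and `connectionStringSetting` to `connection`). The `{ query, parameters: [{ name, value }] }` shape is the SqlQuerySpec form that the Cosmos DB service accepts, so no SDK call is needed and the block runs offline.

```javascript
// Added example, not from the original post.
// Constructed attacker input: tries to widen the WHERE clause so every
// document matches instead of just the one named "alice".
const PAYLOAD = "alice' OR 1=1 OR c.name = 'x";

// Vulnerable: the user string becomes query TEXT, so the injected OR
// clauses are parsed by the Cosmos DB SQL engine as part of the query.
function buildUnsafeQuery(name) {
  return `SELECT * FROM c WHERE c.name = '${name}'`;
}

// Safe: the query text is a constant and the user string travels as a
// parameter VALUE. This is what the binding's SQLParameterCollection
// hands to the service; the engine never parses the value as SQL.
function buildSafeQuery(name) {
  return {
    query: "SELECT * FROM c WHERE c.name = @name",
    parameters: [{ name: "@name", value: name }],
  };
}

// The equivalent function.json for the answer's scenario: {name} is a route
// parameter from the HTTP trigger, and the extension turns that token into a
// SQL parameter rather than splicing the string into sqlQuery.
// (Names and settings below are assumed for the example.)
function cosmosInputBinding() {
  return {
    bindings: [
      {
        type: "httpTrigger",
        direction: "in",
        name: "req",
        methods: ["get"],
        route: "items/{name}",
      },
      {
        type: "cosmosDB",
        direction: "in",
        name: "item",
        databaseName: "db",
        collectionName: "items",
        connectionStringSetting: "CosmosConnection",
        sqlQuery: "SELECT * FROM c WHERE c.name = {name}",
      },
      { type: "http", direction: "out", name: "res" },
    ],
  };
}

// Review check: user-controlled text must never appear inside the query
// text itself. Accepts either a raw string or a SqlQuerySpec object.
function leaksInputIntoQueryText(spec, input) {
  const text = typeof spec === "string" ? spec : spec.query;
  return text.includes(input);
}

// Stand-alone demonstration.
console.log("unsafe :", buildUnsafeQuery(PAYLOAD));
console.log("safe   :", JSON.stringify(buildSafeQuery(PAYLOAD)));
console.log("leaks (unsafe):", leaksInputIntoQueryText(buildUnsafeQuery(PAYLOAD), PAYLOAD));
console.log("leaks (safe)  :", leaksInputIntoQueryText(buildSafeQuery(PAYLOAD), PAYLOAD));
```

The point the check makes visible: with the parameterized form the payload (quotes, `OR 1=1` and all) is still present, but only in `parameters[0].value`, so the only rows that can match are those whose `name` literally equals that odd string. The same holds for the `{name}` token in `sqlQuery`; what would still be unsafe is building `sqlQuery` yourself by concatenating the request value before the binding sees it.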