Updated: 2023-11-04 08:56:40
You should use parameterized queries:
var command = new SQLiteCommand("SELECT something FROM tabletop WHERE color = @Color", Connection);
command.Parameters.AddWithValue("Color", color);
You can also pass an array of SQLiteParameters into the command.Parameters collection like so:
SQLiteParameter[] parameters = { new SQLiteParameter("Color", color), new SQLiteParameter("Size", size) }; // etc.
command.Parameters.AddRange(parameters);
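
The following is an added example, not part of the original answer: it runs the same lookup once with string concatenation and once with bound parameters against an in-memory database, using a value that contains an apostrophe. The column types, the sample row and the variable values are assumptions constructed for the demonstration; it needs the System.Data.SQLite package and C# 8 or later.

```csharp
using System;
using System.Data.SQLite; // NuGet package System.Data.SQLite

class ParameterizedQueryDemo
{
    static void Main()
    {
        using var connection = new SQLiteConnection("Data Source=:memory:");
        connection.Open();

        using (var create = new SQLiteCommand(
            "CREATE TABLE tabletop (something TEXT, color TEXT, size INTEGER)", connection))
            create.ExecuteNonQuery();

        // Constructed sample values; the apostrophe would end a quoted SQL literal early.
        string color = "painter's blue";
        int size = 3;

        using (var insert = new SQLiteCommand(
            "INSERT INTO tabletop (something, color, size) VALUES ('vase', @Color, @Size)", connection))
        {
            SQLiteParameter[] parameters = { new SQLiteParameter("@Color", color), new SQLiteParameter("@Size", size) };
            insert.Parameters.AddRange(parameters);
            insert.ExecuteNonQuery();
        }

        // Concatenation puts the value into the SQL text, so the parser sees broken syntax.
        try
        {
            using var concatenated = new SQLiteCommand(
                "SELECT something FROM tabletop WHERE color = '" + color + "'", connection);
            concatenated.ExecuteScalar();
        }
        catch (SQLiteException ex)
        {
            Console.WriteLine("Concatenated query failed: " + ex.Message);
        }

        // Binding keeps the value as data; the statement text never changes.
        using var bound = new SQLiteCommand(
            "SELECT something FROM tabletop WHERE color = @Color AND size = @Size", connection);
        bound.Parameters.AddWithValue("@Color", color);
        bound.Parameters.AddWithValue("@Size", size);
        Console.WriteLine("Parameterized query returned: " + bound.ExecuteScalar());
    }
}
```

Because the bound value never becomes part of the statement text, the same command works for any input without quoting or escaping in application code.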