
How does SQLParameter prevent SQL injection?

Updated: 2023-12-02 09:46:52


Basically, when you perform a SQLCommand using SQLParameters, the parameters are never inserted directly into the statement. Instead, a system stored procedure called sp_executesql is called and given the SQL string and the array of parameters.


When used as such, the parameters are isolated and treated as data, instead of having to be parsed out of the statement (and thus possibly changing it), so what the parameters contain can never be "executed". You'll just get a big fat error that the parameter value is invalid in some way.
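The answer above describes the .NET SqlClient behaviour, but the mechanism (the statement text and the parameter values travel to the engine separately, so a value is bound as data rather than parsed as SQL) is the same in any driver that supports bound parameters. The following is an added example, not code from the original answer, using Python's standard-library sqlite3 module against a constructed in-memory table so it runs offline. It places a string-concatenated lookup next to a parameterized one and feeds both the same two inputs: a hostile tautology string, and a legitimate name containing an apostrophe. The table, column names and sample rows are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original page).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT);
INSERT INTO users (name, role) VALUES ('alice', 'admin');
INSERT INTO users (name, role) VALUES ('bob', 'user');
INSERT INTO users (name, role) VALUES ('O''Brien', 'user');
"""


def make_db():
    """Return a fresh in-memory database populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_concatenated(conn, name):
    """VULNERABLE pattern: the caller's text is spliced into the SQL grammar.

    Anything in `name` is parsed as SQL, so quotes inside it change the
    statement's meaning (or break it with a syntax error).
    """
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """SAFE pattern: statement and value are handed to the engine separately.

    The `?` placeholder is bound to `name` as a value. The engine compiles the
    statement first and only then substitutes the data, so the value is never
    tokenised as SQL, which is exactly the isolation the answer describes.
    """
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Run both lookups on the same input and report what each one did.

    Returns a dict so the outcome can be inspected (or asserted on) rather
    than only printed; a syntax error from the concatenated version is
    captured as a string instead of propagating.
    """
    conn = make_db()
    try:
        concat = lookup_concatenated(conn, name)
    except sqlite3.OperationalError as exc:
        concat = "OperationalError: %s" % exc
    return {"concat": concat, "param": lookup_parameterized(conn, name)}


if __name__ == "__main__":
    # Hostile input (constructed): concatenation returns every row because the
    # quote closes the literal and the rest becomes part of the WHERE clause;
    # the parameterized query looks for a user literally named that string.
    print(compare("' OR '1'='1"))
    # Legitimate input with an apostrophe: concatenation produces a syntax
    # error, the parameterized query finds the row without any escaping.
    print(compare("O'Brien"))
```

Running the script shows the two failure modes of concatenation side by side: the hostile string widens the query to all three rows, and the ordinary apostrophe breaks it outright, while the parameterized lookup returns no rows for the first input and the single matching row for the second. Quoting or escaping by hand is not what fixes this; binding the value as a parameter is.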