在我们解决您的主要问题之前，您的代码需要进行一些清理。首先，让它成为一个习惯在使用语句中放置食用资源的对象，例如 SqlConnection 和 SqlCommand 确保对象在使用后正确处理和关闭。



其次，正如评论部分已经建议的那样，直接附加值对你的SQL查询是一个大不了没有，因为它可能导致 SQL注入攻击。使用参数化查询来避免这种情况发生：保护你的数据：预防SQL注入[^] [ ^ ]



三，使用 CheckBoxList 控制因此您可以轻松地将其与数据库中的结果绑定。以下是您可以参考的示例：保存CheckBoxList所选项目并将其保留在PostBack上。 [ ^ ]

Before we move to solving your main issue, your code needs some clean up. First off, make it a habit to put objects that eat resources such as SqlConnection and SqlCommand within a using statement to ensure that objects will be properly disposed and closed after they are used.

Second, as already suggested in the comments section, appending the values directly to your SQL query is a BIG no no as it can potentially leads to SQL Injection attack. Use parameterize query to avoid that to happen: Protect Your Data: Prevent SQL Injection[^] [^]

Third, use a CheckBoxList Control so you can easily bind it with the result from your database. Here's an example that you can refer: Save CheckBoxList Selected Items and Retain them on PostBacks.[^]