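// Note: reposted from http://hi.baidu.com/ruishicun/blog/item/c86d2b02a956070b4afb51f8%2Ehtml
/// <summary>
/// Builds a parameterized <c>SELECT ... WHERE colName = @para1</c> command. The filter
/// value is bound as an NVARCHAR parameter; the select list, table name and column name
/// cannot be bound as parameters, so they are validated as plain identifiers and
/// bracket-quoted before being spliced into the statement text.
/// </summary>
/// <param name="selectList">Comma-separated column names, or <c>*</c>.</param>
/// <param name="tableName">Table to query; a single plain identifier.</param>
/// <param name="colName">Column compared against <paramref name="colValue"/>; a single plain identifier.</param>
/// <param name="colValue">Filter value; always passed through the <c>@para1</c> parameter, never concatenated.</param>
/// <exception cref="System.ArgumentException">
/// An identifier is empty or contains characters other than letters, digits and underscores.
/// </exception>
void SomeSql(string selectList, string tableName, string colName, string colValue)
{
    // Validate every identifier before anything touches the database, so a bad
    // argument fails fast and no statement text is ever built from it.
    string safeSelectList;
    if (selectList != null && selectList.Trim() == "*")
    {
        // "*" is the only non-identifier accepted in the select list.
        safeSelectList = "*";
    }
    else
    {
        string[] columns = (selectList ?? string.Empty).Split(',');
        for (int i = 0; i < columns.Length; i++)
        {
            columns[i] = QuoteIdentifier(columns[i], "selectList");
        }
        safeSelectList = string.Join(", ", columns);
    }
    string safeTableName = QuoteIdentifier(tableName, "tableName");
    string safeColName = QuoteIdentifier(colName, "colName");

    // TODO(review): sa/sa credentials live in source; the connection string belongs in configuration.
    string connString = "server=.;uid=sa;pwd=sa;database=datas";
    using (SqlConnection conn = new SqlConnection(connString))
    {
        string sql = string.Format("select {0} from {1} where {2} = @para1", safeSelectList, safeTableName, safeColName);
        // SqlCommand is IDisposable; release it with the connection.
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // The value travels as a typed parameter, so it is never interpreted as SQL.
            SqlParameter para1 = new SqlParameter("@para1", SqlDbType.NVarChar);
            para1.Value = colValue;
            cmd.Parameters.Add(para1);
            // ... (command execution elided in the original post)
        }
    }
}

/// <summary>
/// Restricts <paramref name="name"/> to a plain identifier (letter or underscore, then
/// letters, digits or underscores) and wraps it in <c>[]</c>. Identifiers cannot be
/// SqlParameters, so this shape check is what keeps SQL syntax out of the statement.
/// </summary>
/// <param name="name">Raw identifier; surrounding whitespace is trimmed.</param>
/// <param name="paramName">Caller's parameter name, reported in the exception.</param>
/// <returns>The trimmed identifier in square brackets.</returns>
/// <exception cref="System.ArgumentException">The name is empty or not a plain identifier.</exception>
private static string QuoteIdentifier(string name, string paramName)
{
    string trimmed = (name ?? string.Empty).Trim();
    bool valid = trimmed.Length > 0 && (char.IsLetter(trimmed[0]) || trimmed[0] == '_');
    for (int i = 1; valid && i < trimmed.Length; i++)
    {
        valid = char.IsLetterOrDigit(trimmed[i]) || trimmed[i] == '_';
    }
    if (!valid)
    {
        throw new System.ArgumentException("'" + name + "' is not a valid SQL identifier.", paramName);
    }
    return "[" + trimmed + "]";
}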