使用参数而不是使用字符串插值有什么好处?
这是
SELECT * FROM dbo.Posts WHERE Author = @p0", userSuppliedAuthor;
比任何更好
$@SELECT * FROM dbo.Posts WHERE Author = {userSuppliedAuthor}";
?
c# sql
c# ×1
sql ×1