您应该在查询中使用参数来防止注入攻击,例如有人把
`'); drop table ArticlesTBL;--` 作为其中一个值输入。
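// Build the INSERT with named placeholders only; the user-supplied values are
// bound below as parameters, so they are never spliced into the SQL text.
string query =
    "INSERT INTO ArticlesTBL (ArticleTitle, ArticleContent, ArticleType, ArticleImg, ArticleBrief, ArticleDateTime, ArticleAuthor, ArticlePublished, ArticleHomeDisplay, ArticleViews)" +
    " VALUES (@ArticleTitle, @ArticleContent, @ArticleType, @ArticleImg, @ArticleBrief, @ArticleDateTime, @ArticleAuthor, @ArticlePublished, @ArticleHomeDisplay, @ArticleViews)";

// Dispose the command when done. myConnection is assumed to be open already;
// its setup is not shown in this snippet.
using (SqlCommand myCommand = new SqlCommand(query, myConnection))
{
    // AddWithValue infers the SQL type from the .NET value. When the column
    // types are known, Parameters.Add("@name", SqlDbType.X, size).Value = ...
    // avoids implicit conversions on the server side.
    myCommand.Parameters.AddWithValue("@ArticleTitle", ArticleTitleTextBox.Text);
    myCommand.Parameters.AddWithValue("@ArticleContent", ArticleContentTextBox.Text);
    // ... bind the remaining eight parameters the same way; every @placeholder
    // in the statement must be supplied, otherwise ExecuteNonQuery throws.

    // Kept on its own line: in the original one-line paste this call was
    // swallowed by the trailing "// ..." comment and never ran.
    myCommand.ExecuteNonQuery();
}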


