帶有防注入的寫法：查詢值以 {0}、{1}… 佔位符作為參數傳入，而不是直接拼進 SQL 字串。
// Baseline form of the report query: every filter value (bank id, business name,
// date range) is written into the SQL text as a fixed constant. No caller-supplied
// value reaches the string here, so this line is not injectable as written; the risk
// appears only if these constants are later replaced by concatenated variables.
// The parameterized form after the "==" separator is the one to copy when the values vary.
const string fixedReportSql = "SELECT city,MIN(state) AS state,COUNT(1) AS count FROM dbo.pt_registrations WHERE bankID=88 AND businessName='Webster Bank RAF' AND timeRegistered>='20130201' AND timeRegistered<'20130301' GROUP BY city order by city";
var list = db.ExecuteQuery<registered>(fixedReportSql);
==
// Parameterized form of the same report query.
// NOTE(review): this presumes `db` is a LINQ to SQL DataContext - confirm. There,
// ExecuteQuery turns each {n} placeholder into a SQL parameter bound to the matching
// argument, so the values travel as data and never become part of the SQL text.
// Two things keep that guarantee intact:
//   - leave the placeholders unquoted ({1}, not '{1}'); the provider handles typing;
//   - never pre-format this string with string.Format, interpolation or "+", which
//     would put the raw values back into the SQL text.
const string reportSql = "SELECT city,MIN(state) AS state,COUNT(1) AS count FROM dbo.pt_registrations WHERE bankID={0} AND businessName={1} AND timeRegistered>={2} AND timeRegistered<{3} GROUP BY city order by city";

// Arguments are matched to {0}..{3} by position.
// NOTE(review): the types of openDate/endDate are not shown here; passing DateTime
// values rather than strings avoids relying on implicit string-to-date conversion.
var list = db.ExecuteQuery<registered>(reportSql, bankid, bussinessName, openDate, endDate).ToList();

// ToList() above has already materialized the rows, so binding works on an in-memory list.
GetAccountsOpened10.DataSource = list;
GetAccountsOpened10.DataBind();
http://developer.51cto.com/art/201011/232674.htm