如何在SQL查询中使用多个参数

我最近遇到了有关如何防止SQL注入的声明，因此我将代码更改为此（注释为旧代码）：

nameE = txtName.Text;

//sqlCode = "SELECT * FROM [db].[dbo].[TablePDFTest] WHERE [name] = '" + nameE + "'";
sqlCode = "SELECT * FROM [db].[dbo].[TablePDFTest] WHERE [name] = @name";

using (SqlCommand command = new SqlCommand(sqlCode, Conn))
{
      //command.CommandType = CommandType.Text;
      command.Parameters.AddWithValue("name", nameE);

      using (reader = command.ExecuteReader())
      {
        // some action goes here...
      }
 }

如何使用多个参数执行相同的操作？

我的代码是在此处使用此函数填充两个参数作为另一个函数的变量的函数：

public void writeData(string k, string c)
{
    Conn = new SqlConnection(cString);
    Conn.Open();

    //MessageBox.Show(k);
    //MessageBox.Show(c);

    var pdfPath = Path.Combine(Server.MapPath("~/PDFTemplates/fw9.pdf"));

    // Get the form fields for this PDF and fill them in!
    var formFieldMap = PDFHelper.GetFormFieldNames(pdfPath);

    //if more than multiple entries, verify by name and the last four ssn
    //sqlCode = "SELECT * FROM [db].[dbo].[TablePDFTest] WHERE [name] = '" + k + "' AND [ssn3] = " + c + "";
    sqlCode = "SELECT * FROM [db].[dbo].[TablePDFTest] WHERE [name] = @name2 AND [ssn3] = @ssnnum";
    //MessageBox.Show("" + sqlCode.ToString());

    using (SqlCommand command = new SqlCommand(sqlCode, Conn))
    {
        //command.CommandType = CommandType.Text;
        command.Parameters.AddWithValue("name2", k);
        command.Parameters.AddWithValue("ssnnum", c);

        using (reader = command.ExecuteReader())
        {
            if (reader.HasRows)
            {
                if (reader.Read())
                {
                    MessageBox.Show(reader.GetValue(0).ToString());
                    /*formFieldMap["topmostSubform[0].Page1[0].f1_01_0_[0]"] = reader.GetValue(0).ToString();
                    formFieldMap["topmostSubform[0].Page1[0].f1_02_0_[0]"] = reader.GetValue(1).ToString();
                    formFieldMap["topmostSubform[0].Page1[0].f1_04_0_[0]"] = reader.GetValue(2).ToString();
                    formFieldMap["topmostSubform[0].Page1[0].f1_05_0_[0]"] = reader.GetValue(3).ToString();
                    formFieldMap["topmostSubform[0].Page1[0].f1_07_0_[0]"] = reader.GetValue(4).ToString();
                    formFieldMap["topmostSubform[0].Page1[0].social[0].TextField1[0]"] = reader.GetValue(5).ToString();
                    formFieldMap["topmostSubform[0].Page1[0].social[0].TextField2[0]"] = reader.GetValue(6).ToString();
                    formFieldMap["topmostSubform[0].Page1[0].social[0].TextField2[1]"] = reader.GetValue(7).ToString();
                    formFieldMap["topmostSubform[0].Page1[0].social[0].TextField2[2]"] = reader.GetValue(8).ToString();
                    formFieldMap["topmostSubform[0].Page1[0].social[0].TextField2[3]"] = reader.GetValue(9).ToString();*/
                }
            }
        }
    }

    // Requester's name and address (hard-coded)
    //formFieldMap["topmostSubform[0].Page1[0].f1_06_0_[0]"] = "Medical Group\n27 West Ave\nPurchase, NY 10577";

    //var pdfContents = PDFHelper.GeneratePDF(pdfPath, formFieldMap);

    //PDFHelper.ReturnPDF(pdfContents, "Completed-W9.pdf");
}