string sql = "select * from table1 where username='{0}' and password={1}" sql = String.Format(sql,"用户名","口令");