C# Dapper supports SQL injection prevention
// A malicious value that tries to smuggle a DELETE statement into the query
string userId = "';DELETE FROM User WHERE Id=5;'";
// The SQL text contains only a named placeholder, never the raw value
string sql = @"SELECT * FROM User WHERE Id = @userId";
// The value is bound to the placeholder as a parameter
DynamicParameters parameters = new DynamicParameters();
parameters.Add("userId", userId);
In the SQL output that is executed after Dapper processes it, the ' character is escaped as \':
SELECT * FROM User WHERE Id = '\';DELETE FROM User WHERE Id=5;\'';
It also replaces some SQL keywords.
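The following is an added, runnable example that is not part of the original post. It uses the same payload and the same DynamicParameters pattern against an in-memory SQLite database, and then checks the effect rather than the rendered SQL text: the parameterized query treats the whole payload as one string value, so it matches no row and the embedded DELETE never executes. It assumes the NuGet packages Dapper and Microsoft.Data.Sqlite; the User table and its rows are constructed here for the demonstration.

```csharp
// Added example (not from the original post). Assumes the NuGet packages
// Dapper and Microsoft.Data.Sqlite; the schema and rows below are constructed.
using System;
using System.Linq;
using Dapper;
using Microsoft.Data.Sqlite;

class DapperParameterDemo
{
    static void Main()
    {
        using var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();

        // Constructed sample schema and data.
        conn.Execute("CREATE TABLE User (Id TEXT PRIMARY KEY, Name TEXT NOT NULL)");
        conn.Execute("INSERT INTO User (Id, Name) VALUES ('5', 'alice'), ('7', 'bob')");

        // The same payload as in the post: it tries to close the string literal,
        // run a DELETE, and reopen a literal.
        string userId = "';DELETE FROM User WHERE Id=5;'";

        // Hardened form: the SQL text holds only a placeholder; the value is bound
        // separately, so the database engine sees it as data, not as SQL syntax.
        const string sql = "SELECT * FROM User WHERE Id = @userId";
        var parameters = new DynamicParameters();
        parameters.Add("userId", userId);
        var matched = conn.Query(sql, parameters).ToList();

        // No user has the payload string as an Id, so nothing matches.
        Console.WriteLine($"Rows matched by the payload: {matched.Count}");

        // Both rows are still present: the DELETE inside the payload was never executed.
        long remaining = conn.ExecuteScalar<long>("SELECT COUNT(*) FROM User");
        Console.WriteLine($"Rows still in User: {remaining}");

        // The same parameterized query still works for a legitimate value.
        var alice = conn.QuerySingle(sql, new { userId = "5" });
        Console.WriteLine($"Lookup of Id 5 returned: {alice.Name}");
    }
}
```

Running this prints 0 matched rows, 2 remaining rows, and `alice` for the legitimate lookup. The check a practitioner cares about is the row count: if the payload had been spliced into the SQL text by string concatenation instead of bound as a parameter, the row with Id 5 would be gone.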