c#中的SQL参数没有像预期的那样工作

我想我在这里犯了一个相当业余的错误，但是我不能让SQL参数在c#中可靠地工作。考虑下面的代码:

        protected string[] Query(string dataToFind, string tableName, string fieldToCheck, string fieldToReturn)
    {
        SqlConnection connection = new SqlConnection(ConfigurationSettings.AppSettings["ConnectionString"]);
        SqlDataReader dataReader = null;
        SqlCommand command = connection.CreateCommand();
        command.CommandText = "SELECT " + fieldToReturn + " FROM " + tableName + " WHERE " + fieldToCheck " = '" + dataToFind "'";
        try
        {
            connection.Open();
            dataReader = command.ExecuteReader();
etc...

如您所期望的那样执行，从表tableName返回fieldToReturn。但是，我知道这很容易受到SQL注入的影响，避免这种情况的正确方法是使用参数。所以我把代码改成如下:

protected string[] Query(string dataToFind, string tableName, string fieldToCheck, string fieldToReturn)
    {
        SqlConnection connection = new SqlConnection(ConfigurationSettings.AppSettings["ConnectionString"]);
        SqlParameter[] parameters = new SqlParameter[4];
        parameters[0] = new SqlParameter("@dataToFind", dataToFind);
        parameters[1] = new SqlParameter("@name", tableName);
        parameters[2] = new SqlParameter("@fieldToCheck", fieldToCheck);
        parameters[3] = new SqlParameter("@fieldToReturn", fieldToReturn);
        SqlDataReader dataReader = null;
        SqlCommand command = connection.CreateCommand();
        command.Parameters.AddRange(parameters);
        command.CommandText = "SELECT @fieldToReturn FROM @tableName WHERE @fieldToCheck = @dataToReturn";
        try
        {
            connection.Open();
            dataReader = command.ExecuteReader();
etc...

如果我在我的数据库中有3个匹配，第一个代码示例返回3个匹配。第二个代码返回0个结果?!

我是不是太蠢了，错过了什么明显的东西?

@dataToFind
@name
@fieldToCheck
@fieldToReturn

@fieldToReturn
@tableName
@fieldToCheck
@dataToReturn