如何对此进行参数化查询

string type_id="text";  
updateCommand = string.Format("UPDATE ") + type_id
    + string.Format("_Table SET Status={0},Seq={1},Cy={2},Ca={3},Iv={4}", bcr, seq, cy, ca, iv)
    + string.Format("WHERE ASDU = {0} AND IOA = {1}", station, ioa);

首先，使 SQL 可读

string type_id = "text";  
... 
string updateCommand = 
  $@"UPDATE {type_id}_Table
        SET Status = @prm_Status,
            Seq = @prm_Seq,
            Cy = @prm_Cy,
            Ca = @prm_Ca,
            Iv = @prm_Iv
      WHERE ASDU = @prm_ASDU AND 
            IOA = @prm_IOA";

请注意，您无法参数化表的名称，但 C# 6.0 字符串内插会有所帮助;然后执行更新本身：

  using (SqlConnection conn = new SqlConnection(ConnectionStringHere)) {
    conn.Open();
    using (SqlCommand q = new SqlCommand(updateCommand, conn)) {
      // AddWithValue: not the best choice, 
      // but I have no idea on 'bcr', 'seq'.. 'ioa' etc. types
      q.Parameters.AddWithValue("@prm_Status", bcr);    
      q.Parameters.AddWithValue("@prm_Seq", seq);
      q.Parameters.AddWithValue("@prm_Cy", cy);
      q.Parameters.AddWithValue("@prm_Ca", ca);
      q.Parameters.AddWithValue("@prm_Iv", iv);
      q.Parameters.AddWithValue("@prm_ASDU", station);
      q.Parameters.AddWithValue("@prm_IOA", ioa);  
      q.ExecuteNonQuery();  
    }
  }