Others have suggested alternative ways of constructing the SQL, but you shouldn't be including the values in the SQL at all. You should be using a parameterized query, which avoids SQL injection attacksamongst other things.

其他人提出了构建 SQL 的替代方法，但您根本不应该在 SQL 中包含这些值。您应该使用参数化查询，这可以避免SQL 注入攻击等。

It's not immediately clear to me which driver you're using, but assuming it's the Devart.com one, the documentation for SQLiteCommand.Parametersgives a good example of how to do this. In your case, the code would become something like:

我不是很清楚您正在使用哪个驱动程序，但假设它是 Devart.com 的驱动程序，文档提供SQLiteCommand.Parameters了一个很好的示例，说明如何执行此操作。在你的情况下，代码会变成这样：

string dataSource = "Database.s3db";
using (SQLiteConnection connection = new SQLiteConnection())
{
    connection.ConnectionString = "Data Source=" + dataSource;
    connection.Open();
    using (SQLiteCommand command = new SQLiteCommand(connection))
    {
        command.CommandText =
            "update Example set Info = :info, Text = :text where ID=:id";
        command.Parameters.Add("info", DbType.String).Value = textBox2.Text; 
        command.Parameters.Add("text", DbType.String).Value = textBox3.Text; 
        command.Parameters.Add("id", DbType.String).Value = textBox1.Text; 
? ? ? ? command.ExecuteNonQuery();
    }
}