如何在没有SQLInjection的情况下动态插入SQLite？

问：

我有一个从另一个应用程序接收数据的函数。我想将此数据（user，password，repeatPassword）插入到SQLite数据库中，并避免.我该怎么做？ 我的代码：SQLInjection

        public class Data
        {
            public string user { get; set; }
            public string password { get; set; }
            public string repeatPass { get; set; }
        }

       [HttpPost, AllowCrossSite]
        [EnableCors(origins: "http://localhost:4200", headers: "*", methods: "*")]
        [Route("api/Register/Posthdf")]
        public IHttpActionResult Posthdf(Data data)        
        {
            using (SQLiteConnection conn = new SQLiteConnection("Data Source=C:\\ProiectVisualStudio\\Reporting_how-to-use-the-web-report-designer-in-javascript-with-angular-t566422-19.2.3-\\CS\\ServerSide\\App_Data\\RegisterDB.db; Version = 3; New = True; Compress = True; "))
            {
                using (SQLiteCommand cmd = new SQLiteCommand())
                {
                    try
                    {
                        cmd.Connection = conn;
                        conn.Open();
                   //this inserts data correctly in DB: string strSql = "INSERT INTO tbl_Users (User, Password, RepeatPassword) VALUES('Teste1', 'Teste2', 'Teste3');";                    
                        strSql = "INSERT INTO tbl_Users (User, Password, RepeatPassword) VALUES(" + data.user + ", " + data.password + ", " + data.repeatPass + ");";                       
                        cmd.CommandText = strSql;
                        cmd.ExecuteNonQuery();
                        // do something…
                        conn.Close();
                    }
                    catch (Exception ex)
                    {
                        System.Diagnostics.Debug.WriteLine("***Error connection DB: " + ex + "/n");
                    }
                }
            }
    
            if (!ModelState.IsValid)
                return BadRequest("Invalid data");        

            return Ok(true);        
            
        }