Parametric (Secured) MSSQL Query

Sep 21 2021 3:45 AM

Why do we use a parametric SQL query instead of a simple one?

using System.Collections.Generic;
using System.Data.SqlClient;

string CustomerName = "Anderson";

// Simple MSSQL Query: the value is concatenated into the SQL text, so any quote inside it is read as SQL syntax

string qr = "SELECT CustomerCode FROM accounts WHERE CustomerName = '" + CustomerName + "' ";

// Parametric MSSQL Query (alternative to the above): the SQL text stays fixed and the value is sent separately as @AccountName

List<SqlParameter> param = new List<SqlParameter>();
param.Add(new SqlParameter() { ParameterName = "@AccountName", Value = CustomerName });

string qr = "SELECT CustomerCode FROM accounts WHERE CustomerName = @AccountName ";
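The two queries from the post run side by side, as an added example that is not part of the original post. Python's sqlite3 stands in for MSSQL, and the DB-API `?` placeholder plays the role of `@AccountName` (pyodbc against SQL Server uses the same `?` marker); the table contents are constructed for the demo. A customer named O'Brien is enough to show the difference.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table shaped like the post's `accounts`."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (CustomerCode TEXT, CustomerName TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("C001", "Anderson"), ("C002", "O'Brien")],
    )
    return conn


def lookup_concat(conn, customer_name):
    """The post's 'Simple' query: the value is spliced into the SQL text.

    Any quote in the data ends the string literal, and whatever follows is parsed
    as SQL. Here that merely breaks the statement; with other input it would change
    what the statement does, which is the injection risk.
    """
    qr = "SELECT CustomerCode FROM accounts WHERE CustomerName = '" + customer_name + "'"
    return [row[0] for row in conn.execute(qr)]


def lookup_param(conn, customer_name):
    """The post's 'Parametric' query: SQL text is fixed, the value travels as a parameter.

    The driver never merges the value into the statement, so quotes in the data
    are just characters of the name being compared.
    """
    qr = "SELECT CustomerCode FROM accounts WHERE CustomerName = ?"
    return [row[0] for row in conn.execute(qr, (customer_name,))]


def compare(customer_name):
    """Run both variants on the same input; returns (concatenated result, parametric result)."""
    conn = make_db()
    try:
        concat = lookup_concat(conn, customer_name)
    except sqlite3.Error as exc:
        concat = "error: " + str(exc)
    param = lookup_param(conn, customer_name)
    conn.close()
    return concat, param


if __name__ == "__main__":
    for name in ("Anderson", "O'Brien"):
        print(name, "->", compare(name))
```

For "Anderson" both variants return ["C001"]; for "O'Brien" the concatenated query fails to parse while the parametric one returns ["C002"].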

Answers (5)