Use the SqlCommand object to specify and add parameters.

using System.Data;
using System.Data.SqlClient;

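// Parameterized query: the user-supplied value is bound as a typed parameter and
// never becomes part of the SQL text, so it cannot change the statement's structure.
using (var connection = new SqlConnection("[connection string]"))
{
  // Anything prefaced with "@" is a parameter which can be added and resolved later.
  // The original snippet broke here: the initializer needs braces, and "connection"
  // is a variable, not a method, so it must not be invoked with "()".
  using (var command = new SqlCommand("SELECT * FROM table WHERE field = @value")
  {
    Connection = connection
  })
  {
    // Resolve the parameter by giving it the actual value to use...
    // Declaring the SqlDbType and size explicitly (rather than AddWithValue) keeps the
    // server from having to guess the type from the .NET value, which can otherwise
    // force implicit conversions in the query plan; adjust the type/size to the column.
    command.Parameters.Add("@value", SqlDbType.NVarChar, 100).Value = "the actual value";

    // ExecuteReader throws InvalidOperationException on a closed connection, so open it first.
    connection.Open();

    using (var dataReader = command.ExecuteReader())
    {
      // Read rows from dataReader here; the reader, command and connection are
      // disposed when the using blocks exit, even if an exception is thrown.
    }
  }
}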



