Don't miss an insight. Subscribe to Techopedia for free.

Subscribe
Advertisements

Parameterized Query

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects simply to a non-technical, business audience. Over…

Full Bio
View our Editorial Policy
Editor
checkmark
Editor
Last updated:

What Does Parameterized Query Mean?

A parameterized query is a type of SQL query that requires at least one parameter for execution. A placeholder is normally substituted for the parameter in the SQL query. The parameter is then passed to the query in a separate statement.

Advertisements

Techopedia Explains Parameterized Query

One major reason for using parameterized queries is that they make queries more readable. The second and most compelling reason is that parameterized queries help to protect the database from SQL injection attacks.

The following is an example of an ADO.NET parameterized query:

SELECT LastName FROM Contacts WHERE ContactID = @ContactID;

@ContactID is the parameter for this query, which might be defined in a subsequent statement similar to the following:

command.Parameters.Add(new SqlParameter(“@ContactID”, theContactID));

Advertisements

Related Terms

Related Reading

Tags

Trending Articles

Blockchain
How ChatGPT is Revolutionizing Smart Contract and Blockchain
Blockchain
An Introduction to Blockchain Technology
Blockchain
How Do Cryptocurrencies Work?
Healthcare IT
AI in Healthcare: Identifying Risks & Saving Money
Advertisements