Parameterized Query

Why Trust Techopedia

What Does Parameterized Query Mean?

A parameterized query is a type of SQL query that requires at least one parameter for execution. A placeholder is normally substituted for the parameter in the SQL query. The parameter is then passed to the query in a separate statement.

Advertisements

Techopedia Explains Parameterized Query

One major reason for using parameterized queries is that they make queries more readable. The second and most compelling reason is that parameterized queries help to protect the database from SQL injection attacks.

The following is an example of an ADO.NET parameterized query:

SELECT LastName FROM Contacts WHERE ContactID = @ContactID;

@ContactID is the parameter for this query, which might be defined in a subsequent statement similar to the following:

command.Parameters.Add(new SqlParameter(“@ContactID”, theContactID));

Advertisements

Related Terms

Margaret Rouse
Technology Specialist
Margaret Rouse
Technology Specialist

Margaret is an award-winning writer and educator known for her ability to explain complex technical topics to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles in the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret’s idea of ​​a fun day is to help IT and business professionals to learn to speak each other’s highly specialized languages.