using System.Data.SqlClient; string query = "SELECT * FROM Customers WHERE PostalCode = @postalcode"; using (SqlConnection conn = new SqlConnection(connectionString)) { conn.Open(); using (SqlCommand cmd = new SqlCommand(query, conn)) { cmd.Parameters.AddWithValue("@postalcode", "10001"); // Execute the query and process the results } }In this example, the AddParameter method is used to specify the value for the PostalCode parameter in the SQL query. This helps to prevent SQL injection attacks and ensure that the query is executed correctly. AddParameter is part of the System.Data.SqlClient namespace, which is part of the .NET Framework Class Library. It is included in the System.Data.SqlClient package, which is included with all versions of .NET Framework.