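// conn is an existing SqlConnection; SqlDbType comes from System.Data.
SqlCommand cmd = new SqlCommand("SELECT * FROM Customers WHERE FirstName = @FirstName", conn);
// The value is bound to @FirstName as typed data, not concatenated into the SQL text.
SqlParameter param = new SqlParameter("@FirstName", SqlDbType.NVarChar);
param.Value = "John";
cmd.Parameters.Add(param);
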
SqlCommand cmd = new SqlCommand("INSERT INTO Orders (CustomerID, OrderDate) VALUES (@CustomerID, @OrderDate)", conn);
SqlParameter param1 = new SqlParameter("@CustomerID", SqlDbType.Int);
param1.Value = 1234;
SqlParameter param2 = new SqlParameter("@OrderDate", SqlDbType.DateTime);
param2.Value = DateTime.Now;
cmd.Parameters.Add(param1);
cmd.Parameters.Add(param2);

In this example, we create a new SqlCommand object with a parameterized SQL query that inserts data into a table with two columns. We then create two SqlParameter objects with names and types that match the parameters in the query, set their values to an integer and a datetime value respectively, and add them to the SqlCommand object using the Add() method.

Package Library: System.Data.SqlClient (This namespace provides data access for Microsoft SQL Server.)
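
The following is an added example, not code from the original page. It builds the Customers lookup without opening a connection and prints it next to a string-concatenated version, so you can see that the parameterized SQL text never changes while the value travels separately in the SqlParameter. The helper name BuildLookup, the column size of 50 and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ParameterDemo
{
    // Hypothetical helper: builds the Customers lookup for any caller-supplied name.
    static SqlCommand BuildLookup(string firstName)
    {
        var cmd = new SqlCommand("SELECT * FROM Customers WHERE FirstName = @FirstName");
        // Explicit type and size (50 is an assumed column width) keep the declared
        // parameter type stable instead of being inferred from each value.
        var p = new SqlParameter("@FirstName", SqlDbType.NVarChar, 50);
        // A null Value is treated as "parameter not supplied"; send SQL NULL explicitly.
        p.Value = (object)firstName ?? DBNull.Value;
        cmd.Parameters.Add(p);
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs: a plain name, a name containing a quote, and null.
        foreach (var name in new[] { "John", "O'Brien", null })
        {
            // Anti-pattern, shown for contrast only: the value becomes part of the
            // SQL text, so a quote in the input changes the statement itself.
            string concatenated = "SELECT * FROM Customers WHERE FirstName = '" + name + "'";

            using (SqlCommand cmd = BuildLookup(name))
            {
                SqlParameter bound = cmd.Parameters["@FirstName"];
                Console.WriteLine("input        : " + (name ?? "<null>"));
                Console.WriteLine("concatenated : " + concatenated);
                // CommandText is identical for every input; only the parameter differs.
                Console.WriteLine("parameterized: " + cmd.CommandText);
                Console.WriteLine("  @FirstName = " + bound.Value + " (" + bound.SqlDbType + ")");
            }
        }
    }
}
```

To execute the command against a server, assign an open SqlConnection to cmd.Connection before calling ExecuteReader() or ExecuteNonQuery().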