I am very new to working with databases. Now I can write
INSERTcommands. But I have seen many forums where we prefer to write:
SELECT empSalary from employee where salary = @salary
SELECT empSalary from employee where salary = txtSalary.Text
Why do we always prefer to use parameters and how would I use them?
I wanted to know the use and benefits of the first method. I have even heard of SQL injection but I don't fully understand it. I don't even know if SQL injection is related to my question.