Adding Parameters to SQL Server Queries
Option 1:
Create a new Parameter object for each parameter required in the SQL query or Stored Procedure.
//Create a new command object
SqlCommand cmd = new SqlCommand();
//Create a new parameter
SqlParameter param = new SqlParameter("@parameterName", paramValue);
//add the parameter to the command
cmd.Parameters.Add(param);
Option 2:
Use the AddWithValue, to create Parameter and assign a value to a Command object.
//Create a new command object
SqlCommand cmd = new SqlCommand();
//add the parameter to the command
cmd.Parameters.AddWithValue("@parameterName", paramValue);