A parameterized query is a query in which placeholders stand in for the parameters, and the parameter values are supplied separately at execution time rather than being written into the SQL text.
Why we use parameterized queries
- The most important reason to use parameterized queries is to prevent SQL injection attacks: because the value is passed separately from the statement, it is treated as data and is never parsed as part of the SQL.
- Secondly, a parameterized query handles the case where a concatenated SQL query would otherwise fail, for example inserting the value O'Baily into a field. The parameterized query accepts such values without forcing you to replace each single quote with a doubled single quote ('').
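The two points above, shown side by side as an added example (not code from the original post): a string-concatenated INSERT and SELECT next to their parameterized equivalents, run against an in-memory SQLite database with constructed sample rows. The function names and the sample data are assumptions made for this demo.

```python
import sqlite3

# Constructed sample data for the demo (not from the original post).
SAMPLE_NAMES = ["Alice", "Bob"]


def make_db():
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [(n,) for n in SAMPLE_NAMES])
    conn.commit()
    return conn


def insert_name_concat(conn, name):
    """Vulnerable: the value is pasted into the SQL text. A single quote in
    `name` breaks the statement (or, worse, changes its meaning)."""
    sql = "INSERT INTO users (name) VALUES ('" + name + "')"
    conn.execute(sql)
    conn.commit()


def insert_name_param(conn, name):
    """Safe: `?` is a placeholder; the driver passes `name` as a separate value,
    so quotes inside it are just data, never SQL."""
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    conn.commit()


def count_matches_concat(conn, name):
    """Vulnerable lookup: user-controlled text becomes part of the WHERE clause."""
    sql = "SELECT COUNT(*) FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchone()[0]


def count_matches_param(conn, name):
    """Safe lookup: the whole input is compared as one literal string."""
    return conn.execute("SELECT COUNT(*) FROM users WHERE name = ?", (name,)).fetchone()[0]


def demo():
    """Run both variants against the apostrophe case and a quote-containing input.
    Returns a dict of observations so the behaviour can be checked, not just printed."""
    conn = make_db()
    results = {}

    # 1. The O'Baily problem: concatenation yields a syntax error,
    #    the parameterized version inserts the row as-is.
    try:
        insert_name_concat(conn, "O'Baily")
        results["concat_insert_ok"] = True
    except sqlite3.OperationalError:
        results["concat_insert_ok"] = False
    insert_name_param(conn, "O'Baily")
    results["param_rows_named_obaily"] = count_matches_param(conn, "O'Baily")

    # 2. Input containing SQL syntax. With concatenation the quote closes the
    #    literal and the remainder is parsed as SQL, so every row matches; with a
    #    placeholder the same text is compared literally and matches nothing.
    tricky = "x' OR 'a'='a"
    results["concat_match_count"] = count_matches_concat(conn, tricky)
    results["param_match_count"] = count_matches_param(conn, tricky)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The placeholder syntax varies by driver (`?` for SQLite and ODBC, `%s` for psycopg2 and MySQLdb, `:name` for Oracle), but the principle is the same: the SQL text and the values travel separately, so the database never has to guess where the data ends and the statement begins.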
If you want to learn more about SQL, check out this SQL training and certification program by Intellipaat.