c# How does SQL Command Parameterized Query Prevent SQL Injection
Posted on 2009-05-05
I am building an SQL Command like:
SqlCommand cmd = new SqlCommand("Delete from Customers where CustomerID = @CustomerID");
cmd.Parameters.AddWithValue("@CustomerID", customerId);
How does this actually prevent SQL Injection?
If CustomerID was a string and a user entered "BobsCustomerID; drop table Customers", how is this not a risk with a parameterized query?
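Added example (not from the original post): the string-concatenated form beside the parameterized form, using the exact input from the question. With parameters, SqlClient sends the fixed SQL text and the value as separate arguments of an sp_executesql RPC call, so the server's parser never sees "drop table Customers" as SQL; it only ever compares it as data against the CustomerID column. The connection string, table name and column size are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

class ParameterizedDeleteDemo
{
    // Assumed placeholder; not from the original post.
    const string ConnectionString = "Server=(local);Database=ShopDb;Integrated Security=true;";

    // UNSAFE: the user's text is spliced into the statement, so the server
    // parses it as SQL grammar. The second statement after ';' is executed too.
    static string BuildUnsafeSql(string customerId)
    {
        return "Delete from Customers where CustomerID = " + customerId;
    }

    // SAFE: the statement text is a constant; the value is attached as a typed
    // parameter and travels to the server outside the SQL text.
    static SqlCommand BuildSafeCommand(SqlConnection conn, string customerId)
    {
        var cmd = new SqlCommand("Delete from Customers where CustomerID = @CustomerID", conn);
        // Assumed column type/size; prefer an explicit type over AddWithValue so
        // the parameter declaration sent to SQL Server is stable.
        cmd.Parameters.Add("@CustomerID", SqlDbType.NVarChar, 50).Value = customerId;
        return cmd;
    }

    static void Main()
    {
        string input = "BobsCustomerID; drop table Customers";

        // Shows the statement the server would receive from concatenation:
        // Delete from Customers where CustomerID = BobsCustomerID; drop table Customers
        Console.WriteLine(BuildUnsafeSql(input));

        using (var conn = new SqlConnection(ConnectionString))
        {
            conn.Open();
            using (var cmd = BuildSafeCommand(conn, input))
            {
                // The server runs the constant DELETE with @CustomerID bound to the
                // whole string as a value. No row has that ID, so nothing is deleted,
                // and the Customers table is untouched.
                int rows = cmd.ExecuteNonQuery();
                Console.WriteLine("Rows deleted: " + rows);
            }
        }
    }
}
```

Watching the connection with SQL Server Profiler or Extended Events shows the parameterized call arriving as `exec sp_executesql N'Delete from Customers where CustomerID = @CustomerID', N'@CustomerID nvarchar(50)', @CustomerID=N'BobsCustomerID; drop table Customers'`, which makes the separation of code and data visible.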