I found the use of prepared statements in PHP with the mysqli_stmt_prepare() function. What is the equivalent in C# for SQL Server? I found this code example (using a parameterized command). Is this what I am looking for?
using System.Data;
using System.Data.SqlClient;

SqlConnection conn = new SqlConnection();
SqlCommand com = new SqlCommand();
SqlDataAdapter dap = new SqlDataAdapter();
DataTable tbl = new DataTable();
SqlParameter param = new SqlParameter(); // declared but not used below
conn.ConnectionString = @"Data Source=...";
com.Connection = conn;
// The value is sent as the parameter @id, separate from the SQL text
com.CommandText = "select * from tbl1 where id<@id";
com.Parameters.AddWithValue("@id",4);
com.CommandType = CommandType.Text;
dap.SelectCommand = com;
conn.Open();
// Run the query and load the result set into the DataTable
dap.Fill(tbl);
conn.Close();
// Show the rows in the grid
dataGridView1.DataSource = tbl;
If no, then what?
If yes, tell me how to use the character '?' instead of writing @id in the command text.
Thanks
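
An added example (not part of the original post) of the closest SqlClient counterpart to mysqli_stmt_prepare(): SqlCommand.Prepare() on a command whose parameter has an explicit type, reused with different values. The connection string is a placeholder and the class name is hypothetical; the query reuses tbl1 and id from the post.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class PreparedQueryExample
{
    // Placeholder (assumption): replace with a real SQL Server connection string.
    const string ConnectionString = "<your-connection-string>";

    static void Main()
    {
        // SqlClient uses named parameters (@id). Positional '?' markers
        // belong to the OleDb and Odbc providers, not to SqlCommand.
        using (var conn = new SqlConnection(ConnectionString))
        using (var com = new SqlCommand("select * from tbl1 where id < @id", conn))
        {
            // Prepare() requires an explicit type for every parameter, and an
            // explicit Size for variable-length types such as NVarChar.
            SqlParameter idParam = com.Parameters.Add("@id", SqlDbType.Int);

            conn.Open();      // Prepare() needs an open connection
            com.Prepare();    // SQL text is fixed here; only values change below

            // Constructed sample values: the same prepared command runs twice.
            foreach (int limit in new[] { 4, 10 })
            {
                idParam.Value = limit;

                var tbl = new DataTable();
                using (SqlDataReader reader = com.ExecuteReader())
                {
                    tbl.Load(reader);
                }

                Console.WriteLine("id < {0}: {1} row(s)", limit, tbl.Rows.Count);
            }
        }
    }
}
```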