How do parameterized queries help against SQL injection?

Backend | Unresolved | 6 | 1420
有刺的猬 2020-11-21 22:32

In both queries 1 and 2, the text from the textbox is inserted into the database. What's the significance of the parameterized query here?

  1. Passing tx

6 answers
  •  太阳男子
    2020-11-21 23:32

    Parameterized queries handle everything - why go to the trouble?

    With parameterized queries, in addition to general injection, you get all the data types handled, numbers (int and float), strings (with embedded quotes), dates and times (no formatting problems or localization issues when .ToString() is not called with the invariant culture and your client moves to a machine with an unexpected date format).
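As an added illustration (not part of the original question or answer): the same textbox value run through a concatenated query and a parameterized one, using Python's sqlite3 module and a constructed in-memory table so it runs offline.

```python
import sqlite3
from typing import Any

# Constructed demo table standing in for the "textbox -> database" insert.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT, score REAL)")
    return conn

def insert_concatenated(conn: sqlite3.Connection, body: str, score: float) -> None:
    # Query 1 style: the textbox value is pasted into the SQL text itself, so the
    # database cannot tell where the statement ends and the data begins.
    sql = "INSERT INTO notes (body, score) VALUES ('" + body + "', " + str(score) + ")"
    conn.execute(sql)
    conn.commit()

def insert_parameterized(conn: sqlite3.Connection, body: str, score: float) -> None:
    # Query 2 style: the SQL text is fixed; values travel separately as bound
    # parameters, so quotes and numeric types are handled by the driver.
    conn.execute("INSERT INTO notes (body, score) VALUES (?, ?)", (body, score))
    conn.commit()

def stored_rows(conn: sqlite3.Connection) -> list[tuple[Any, ...]]:
    return conn.execute("SELECT body, score FROM notes ORDER BY id").fetchall()

def demo(body: str, score: float) -> dict[str, Any]:
    """Run one input through both styles and report what each stored."""
    result: dict[str, Any] = {}
    conn = make_db()
    try:
        insert_concatenated(conn, body, score)
        result["concatenated"] = stored_rows(conn)
    except sqlite3.Error as exc:
        # An apostrophe in the data closes the string literal early, so the
        # data has rewritten the statement instead of being stored as text.
        result["concatenated"] = f"error: {type(exc).__name__}"
    conn = make_db()
    insert_parameterized(conn, body, score)
    result["parameterized"] = stored_rows(conn)
    return result

if __name__ == "__main__":
    print(demo("plain text", 1.0))
    print(demo("O'Brien wrote: it's fine", 4.5))
```

With plain input both styles store the same row; with an embedded quote only the parameterized insert stores the text verbatim, while the concatenated statement fails to parse.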
