In both queries 1 and 2, the text from the textbox is inserted into the database. What's the significance of the parameterized query here?
Passing tx
Parameterized queries allow the client to pass the data separately from the query text, whereas with most free-form text you would do validation + escaping. Of course parameterization doesn't help against other kinds of injection, but as the parameters are passed separately, they are not used as executable query text.
A good analogy would be the "recent" execution bit used with most modern processors and operating systems to protect from buffer overflows. It still allows the buffer overflow but prevents the execution of the injected data.
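Added example, not part of the original question or answer: the same INSERT written both ways against Python's `sqlite3` module. The `users`/`notes` schema, the `admin` row and the payload string are constructed for the demonstration. With string concatenation the textbox value becomes part of the SQL text, so a crafted value can turn the INSERT into a subquery that copies another table's data into the row; with a parameter, the very same string is stored verbatim as data.

```python
import sqlite3

# Constructed textbox input for the demonstration. Inside concatenated SQL it
# closes the author literal and replaces the body value with a subquery.
PAYLOAD = "alice', (SELECT secret FROM users WHERE name = 'admin')) --"


def setup() -> sqlite3.Connection:
    """In-memory database: a table holding a secret and the table the textbox writes to."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (name TEXT PRIMARY KEY, secret TEXT);
        INSERT INTO users VALUES ('admin', 'hunter2');
        CREATE TABLE notes (id INTEGER PRIMARY KEY, author TEXT, body TEXT);
        """
    )
    return conn


def insert_unsafe(conn: sqlite3.Connection, author: str, body: str) -> None:
    """Concatenation: the textbox value is spliced into the statement text itself."""
    sql = f"INSERT INTO notes (author, body) VALUES ('{author}', '{body}')"
    conn.execute(sql)
    conn.commit()


def insert_safe(conn: sqlite3.Connection, author: str, body: str) -> None:
    """Parameterized: the statement text is fixed; values travel separately as bindings."""
    conn.execute("INSERT INTO notes (author, body) VALUES (?, ?)", (author, body))
    conn.commit()


def stored_notes(conn: sqlite3.Connection) -> list:
    return conn.execute("SELECT author, body FROM notes ORDER BY id").fetchall()


def demo() -> tuple:
    """Run the same input through both versions; return (unsafe rows, safe rows)."""
    unsafe = setup()
    insert_unsafe(unsafe, PAYLOAD, "hello")

    safe = setup()
    insert_safe(safe, PAYLOAD, "hello")

    return stored_notes(unsafe), stored_notes(safe)


if __name__ == "__main__":
    unsafe_rows, safe_rows = demo()
    print("concatenated:", unsafe_rows)   # body column now holds the admin secret
    print("parameterized:", safe_rows)    # payload stored literally as the author
```

The concatenated statement that actually executes is `INSERT INTO notes (author, body) VALUES ('alice', (SELECT secret FROM users WHERE name = 'admin')) --', 'hello')`, so the row written is `('alice', 'hunter2')` and the attacker can read the secret back from `notes`. The parameterized version stores `(PAYLOAD, 'hello')`: the quote and the subquery are just characters in a bound value and never reach the SQL parser as syntax.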