parameterized sql query - asp.net / c#

Question

So I recently learned that I should absolutely be using parametrized query\'s to avoid security issues such as SQL injection. That\'s all fine and all, I got it working.

Answer 1

Use single line SqlParameterCollection.AddWithValue Method

cmd.Parameters.AddWithValue("@username",username.Text);