These are the way to pass parameter to sql command.
using (SqlConnection conn = new SqlConnection(GetConnectionString())
{
conn.Open();
SqlCommand cmd = new SqlCommand(query, GetConnection());
cmd.Parameters.Clear();
//To add parameters refer any one below methods and execute query.
//Method 1: Using AddWithValue function of SqlCommand parameter property.
cmd.Parameters.AddWithValue("Fname", Value1);
cmd.Parameters.AddWithValue("Lname", Value2);
//Method 2: Using Add function of SqlCommand parameter property.
SqlParameter paramFname = new SqlParameter();
paramFname.ParameterName = "@Fname";
paramFname.Value = Value1;
cmd.Parameters.Add(paramFname);
SqlParameter paramLname = new SqlParameter();
paramLname.ParameterName = "@Lname";
paramLname.Value = Value2;
paramLname.DbType = DbType.String;
cmd.Parameters.Add(paramLname);
//Method 3: Using AddRange function of SqlCommand parameter property with array.
SqlParameter[] SqlParameters = new SqlParameter[]
{
new SqlParameter("@Fname", Value1),
new SqlParameter("@Lname", Value2),
};
cmd.Parameters.AddRange(SqlParameters);
//Method 4: Using AddRange function of SqlCommand parameter property with list.
List<SqlParameter> list = new List<SqlParameter>();
list.Add(new SqlParameter("@Fname", Value1));
list.Add(new SqlParameter("@Lname", Value2));
cmd.Parameters.AddRange(list.ToArray<SqlParameter>());
SqlDataReader reader = cmd.ExecuteReader();
}