Parameters

NDO Queries provide a collection for query parameters. The query expression uses placeholders for the parameters:

Query q = pm.NewQuery(typeof(Employee), "salary > {0}");
q.Parameters.Add(50000);

The expression {0} means that the first entry in the Parameters collection should be used as a parameter.

There are two advantages resulting from the use of parameters:

1. The parameters are translated to ADO.NET parameters. The values are sent to the database separately from the SQL text, so they are never interpreted as part of the statement. This helps to prevent SQL injection attacks.

2. You don't need to convert the parameters into strings in the custom format your database needs. Think of converting DateTime values to strings. If you use parameters, just add the DateTime value to the Parameters collection and let ADO.NET do the rest for you.
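The following example is added here to show what the two advantages mean in practice; it is not NDO's own code. It mirrors the NDO pattern (a placeholder expression plus an ordered parameter list) on top of plain ADO.NET, using the Microsoft.Data.Sqlite provider and an in-memory database so it runs without a server. The method name BuildCommand, the Employee table and the sample rows are constructed for this illustration.

```csharp
// Added illustration of "parameters are translated to ADO.NET parameters".
// Not NDO code. Requires the Microsoft.Data.Sqlite NuGet package (assumption).
using System;
using System.Collections.Generic;
using System.Data.Common;
using Microsoft.Data.Sqlite;

static class ParameterDemo
{
    // {0}, {1}, ... in the expression become named ADO.NET parameters @p0, @p1, ...
    // The values are attached to the command and never pasted into the SQL text.
    public static DbCommand BuildCommand(DbConnection conn, string expression, IList<object> parameters)
    {
        var cmd = conn.CreateCommand();
        var names = new object[parameters.Count];
        for (int i = 0; i < parameters.Count; i++)
        {
            names[i] = "@p" + i;
            var p = cmd.CreateParameter();
            p.ParameterName = "@p" + i;
            p.Value = parameters[i] ?? DBNull.Value; // DateTime, decimal, ... pass through unconverted
            cmd.Parameters.Add(p);
        }
        // string.Format substitutes the placeholders exactly as the {0} syntax suggests.
        cmd.CommandText = "SELECT name FROM Employee WHERE " + string.Format(expression, names);
        return cmd;
    }

    // The unsafe alternative for comparison: values concatenated into the SQL text.
    public static string ConcatenatedSql(string expression, params object[] values)
        => "SELECT name FROM Employee WHERE " + string.Format(expression, values);

    static List<string> Run(DbCommand cmd)
    {
        var result = new List<string>();
        using var reader = cmd.ExecuteReader();
        while (reader.Read()) result.Add(reader.GetString(0));
        return result;
    }

    static void Main()
    {
        using var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();
        var setup = conn.CreateCommand();
        // Constructed sample data.
        setup.CommandText = @"
            CREATE TABLE Employee(name TEXT, salary INTEGER, hireDate TEXT);
            INSERT INTO Employee VALUES ('alice', 60000, '2019-03-01 00:00:00');
            INSERT INTO Employee VALUES ('bob',   40000, '2021-07-15 00:00:00');";
        setup.ExecuteNonQuery();

        // Advantage 1: untrusted input stays a value. Bound as a parameter, the string
        // below is compared literally against the name column and cannot alter the WHERE clause.
        string userInput = "' OR 1=1 --";
        var safe = BuildCommand(conn, "name = {0}", new object[] { userInput });
        Console.WriteLine($"{safe.CommandText} -> {Run(safe).Count} rows"); // 0 rows

        // With concatenation the same input becomes part of the statement text.
        Console.WriteLine(ConcatenatedSql("name = '{0}'", userInput));

        // Advantage 2: no hand-written date formatting. The DateTime is bound as a
        // parameter and the provider serialises it in the form the database expects.
        var q = BuildCommand(conn, "salary > {0} AND hireDate < {1}",
                             new object[] { 50000, new DateTime(2020, 1, 1) });
        Console.WriteLine(string.Join(",", Run(q))); // alice
    }
}
```

BuildCommand takes a DbConnection rather than a SqliteConnection, so the same translation works with any ADO.NET provider; only the parameter naming convention (here @p0, @p1) may need to follow the provider's rules.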