Are the sql parameterised query completely secure ?

Question

I have been coding on highly sensitive databases for sometime now , and has been using parameterised sql query like,

sqlcommand cmd = new sqlcommand("insert into register values(@name,@phone_no"),connection);

cmd.parameters.add('@name',name);

cmd.parameters.add('@phone_no',phone_no);

does these things could be trespassed , or the malicious instruments are completely nullified

And how to secure data tampering ?

Akkiraju Ivaturi · Answer

Parameterized SQL is one of the way you can eliminate data tampering and so it should be secured in a way. You might also have consider validating the input before passing the values to the Stored Procedures like if you are expecting only numeric and - in the phone number restrict other characters. Validating data as much as you can will provide more security to your application. So what you asked is going to be a secured code for sure. But additional validations definitely helps you.