I have no problem with the coding of SQL parameters, but could someone give me an explanation, or a good link, of why I should use them?

Consider if I had a variable called
VB Code:
    Dim strName As String = "John"
I could then do either
VB Code:
    ' the value of strName is spliced directly into the SQL text
    sqlCmd.CommandText = "SELECT * FROM contacts WHERE name = '" & strName & "'"
or
VB Code:
    ' the SQL text contains only a placeholder; the value is sent separately as a parameter
    sqlCmd.CommandText = "SELECT * FROM contacts WHERE name = @name"
    sqlCmd.Parameters.Add(New SqlCeParameter("@name", strName))
Thank you
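The difference between the two forms in the post, as an added example that is not part of the original post: the same lookup is run with the value spliced into the SQL text and with it passed as a parameter, against a constructed in-memory SQLite table standing in for the post's SQL CE `contacts` table (SQLite uses `?` where SQL CE uses `@name`). A name containing an apostrophe breaks the concatenated query, and a value that is not a name at all changes what the concatenated query asks; the parameterised query treats every input as a literal value.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny 'contacts' table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO contacts (name) VALUES (?)",
        [("John",), ("Jane",), ("O'Brien",)],
    )
    conn.commit()
    return conn


def find_by_concat(conn: sqlite3.Connection, str_name: str) -> list:
    """The post's first form: the value becomes part of the SQL text itself."""
    sql = "SELECT name FROM contacts WHERE name = '" + str_name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_param(conn: sqlite3.Connection, str_name: str) -> list:
    """The post's second form: the SQL text is fixed, the value is a parameter."""
    sql = "SELECT name FROM contacts WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (str_name,))]


def compare(str_name: str):
    """Run both forms on the same input and return (concat_result, param_result).

    If the concatenated query is no longer valid SQL, the error text is returned
    in place of a result list.
    """
    conn = make_db()
    try:
        concat = find_by_concat(conn, str_name)
    except sqlite3.OperationalError as exc:
        concat = "error: " + str(exc)
    param = find_by_param(conn, str_name)
    return concat, param


if __name__ == "__main__":
    for value in ("John", "O'Brien", "x' OR '1'='1"):
        print(repr(value), "->", compare(value))
```

For "John" both forms agree; for "O'Brien" only the parameterised form returns the contact; for the last input the concatenated query returns every row while the parameterised one correctly finds no contact with that name.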