Prepared statements are Java's method for writing parametrized SQL, right? In .NET, it's called parameterized queries. You write it like
string query = "SELECT * FROM SomeTable WHERE SomeId = @id"; // fixed SQL text with a placeholder
......
yourCommand.Parameters.AddWithValue("@id", someid); // the value is bound separately, never concatenated into the SQL
For more information, read
SQL Injection Attacks and Some Tips on How to Prevent Them
:)
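To make the point of the reply above concrete, here is an added example (not code from the original post or its author) that runs the same query both ways: once by pasting the input into the SQL text, once with the `@name` placeholder and `Parameters.AddWithValue` pattern the reply describes. It assumes the Microsoft.Data.Sqlite package so it can run offline against an in-memory database; `SqliteCommand` exposes the same ADO.NET `Parameters.AddWithValue` call as `SqlCommand`, so the parameterized method reads the same as it would against SQL Server. The table contents and the hostile input string are constructed for the example.

```csharp
// Added example (not from the original post): the same lookup written with
// string concatenation and with a parameterized query.
// Assumes the Microsoft.Data.Sqlite NuGet package for an in-memory database.
using System;
using System.Collections.Generic;
using Microsoft.Data.Sqlite;

public static class ParameterizedQueryDemo
{
    // Constructed sample table: three users.
    public static SqliteConnection OpenSampleDb()
    {
        var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();
        using var setup = conn.CreateCommand();
        setup.CommandText =
            "CREATE TABLE Users (Id INTEGER PRIMARY KEY, Name TEXT NOT NULL);" +
            "INSERT INTO Users (Name) VALUES ('alice'), ('bob'), ('carol');";
        setup.ExecuteNonQuery();
        return conn;
    }

    // VULNERABLE: the input becomes part of the SQL text, so a quote in the
    // input changes the structure of the statement.
    public static List<string> FindByNameConcatenated(SqliteConnection conn, string name)
    {
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT Name FROM Users WHERE Name = '" + name + "'";
        return ReadNames(cmd);
    }

    // SAFE: the SQL text is fixed; the value is bound to @name and the
    // database only ever treats it as data, whatever characters it contains.
    public static List<string> FindByNameParameterized(SqliteConnection conn, string name)
    {
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT Name FROM Users WHERE Name = @name";
        cmd.Parameters.AddWithValue("@name", name);
        return ReadNames(cmd);
    }

    private static List<string> ReadNames(SqliteCommand cmd)
    {
        var names = new List<string>();
        using var reader = cmd.ExecuteReader();
        while (reader.Read())
            names.Add(reader.GetString(0));
        return names;
    }

    public static void Main()
    {
        using var conn = OpenSampleDb();
        // Constructed hostile input: the first quote ends the literal and the
        // OR clause makes the WHERE condition true for every row.
        const string hostile = "x' OR '1'='1";

        var leaked = FindByNameConcatenated(conn, hostile);
        Console.WriteLine($"concatenated query returned {leaked.Count} rows");

        var safe = FindByNameParameterized(conn, hostile);
        Console.WriteLine($"parameterized query returned {safe.Count} rows");
    }
}
```

With that input, the concatenated version's WHERE clause becomes `Name = 'x' OR '1'='1'` and the query returns every user, while the parameterized version looks for a user literally named `x' OR '1'='1` and returns nothing. One caveat for SQL Server work: `AddWithValue` infers the parameter's SQL type from the .NET value, so for columns where the type matters (for example NVARCHAR versus VARCHAR, or a DECIMAL with a specific precision) it is better to create the parameter with an explicit `SqlDbType` and size; that does not change the injection protection, only the query's type handling and plan reuse.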