-When you use parameterized query,it need only parse and check the syntax of the query the first time it is executed. So long as the SQL statement being executed is unchanged, excluding the values of the parameters, subsequent executions do not need parsing and syntax checking.
-Also, upon repeated execution of a parameterized query, only the parameter values need to be sent to the server. The remainder of the query does not, having already been sent during a previous execution.
-If you use parameterized query,you can get measurable performance impact of using it versus dynamic SQL.
-It plays important role as per as SQL Injection attacks are concerned.
Why parameterized queries stop SQL injection attacks?