why we use "@" while inserting or updating or deleting data in sql table

Question

I just want to know why we use "@" while inserting or updating or deleting data in sql table, as I used @name like below.

 cmd.Parameters.Add(new SqlParameter("@fname", txtfname.Text));

Answer 1

OK, no offense to the posters before me but I will try to explain it to you as simple as possible, so even a 7 year old understands it. :)

From my experience '@' in .SQL is used when you are "just not making it clear what exact data type or exact name will be used". "Later" you are pointing out what the exact value of '@' is.

Like, say, someone has developed some huge .SQL query which contains, say, the name of every person who has received it.

SELECT column_name,column_name FROM table_name WHERE column_name = @YOURNAME;

@YOURNAME = 'John Doe';

So, in this case, it's easier for everyone to just write their name at @YOURNAME and it will automatically convert the query to (upon launch):

SELECT column_name,column_name FROM table_name WHERE column_name = 'John Doe';

P.S: I am sorry for my syntax errors and incorrect terminology but I am sure you should have understood it by now. :)

Answer 2

See: SqlParameter.ParameterName Property - MSDN

The ParameterName is specified in the form @paramname. You must set ParameterName before executing a SqlCommand that relies on parameters.

@ is used by the SqlCommand so that the value of the parameter can be differentiatd in the Command Text

SqlCommand cmd = new SqlCommand("Select * from yourTable where ID = @ID", conn);
                                                                  ^^^^^^^
                                                   //This identifies the parameter

If @ is not provided with the parameter name then it is added. Look at the following source code, (taken from here)

 internal string ParameterNameFixed {
            get {
                string parameterName = ParameterName;
                if ((0 < parameterName.Length) && ('@' != parameterName[0])) {
                    parameterName = "@" + parameterName;
                }
                Debug.Assert(parameterName.Length <= TdsEnums.MAX_PARAMETER_NAME_LENGTH, "parameter name too long");
                return parameterName;
            }
        }

EDIT:

If you don't use @ sign with the parameter then consider the following case.

using (SqlConnection conn = new SqlConnection(connectionString))
        {
            using (SqlCommand cmd = new SqlCommand())
            {
                conn.Open();
                cmd.CommandText = "SELECT * from yourTable WHERE ID = ID";
                cmd.Connection = conn;
                cmd.Parameters.AddWithValue("ID", 1);
                DataTable dt = new DataTable();
                SqlDataAdapter da = new SqlDataAdapter(cmd);
                da.Fill(dt);
            }
        }

The above will fetch all the records, since this will translate into SELECT * from yourTable WHERE 1=1, If you use @ above for the parameter ID, you will get only the records against ID =1

Answer 3

Variables and parameters in SQL Server are preceded by the @ character.

Example:

create procedure Something
  @Id int,
  @Name varchar(100)
as
...

When you create parameter objects in the C# code to communicate with the database, you also specify parameter names with the @ character.

(There is an undocumented feature in the SqlParameter object, which adds the @ to the parameter name if you don't specify it.)