With Add()
method you may restrict user input by specifying type and length of data – especially for varchar
columns.
.Parameters.Add("@name",SqlDbType.VarChar,30).Value=varName;
In case of AddWithValue() (implicit conversion of value) method, it sends nvarchar value to the database.