What does the "@" symbol do in SQL?

The @CustID means it's a parameter that you will supply a value for later in your code. This is the best way of protecting against SQL injection. Create your query using parameters, rather than concatenating strings and variables. The database engine puts the parameter value into where the placeholder is, and there is zero chance for SQL injection.
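An added example, not part of the original answers, showing in T-SQL the difference the answer above describes between concatenating a value into the query text and binding it to `@CustID`. The `#Customers` temp table, its rows and the `@Input` value are constructed for illustration.

```sql
-- Constructed sample data; the table name and rows are hypothetical.
CREATE TABLE #Customers (CustID nvarchar(20) PRIMARY KEY, Name nvarchar(50));
INSERT INTO #Customers (CustID, Name)
VALUES (N'C001', N'Alice'), (N'C002', N'Bob'), (N'C003', N'Carol');

-- A value as it might arrive from an untrusted caller (constructed).
DECLARE @Input nvarchar(100) = N'C001'' OR ''1''=''1';

-- 1) Concatenation: the input is spliced into the SQL text before parsing.
--    The quote inside @Input closes the string literal, so the rest of the
--    value is parsed as part of the WHERE clause instead of as data.
DECLARE @Sql nvarchar(max) =
    N'SELECT CustID, Name FROM #Customers WHERE CustID = N''' + @Input + N''';';
PRINT @Sql;   -- inspect the statement text the engine will actually parse
EXEC (@Sql);

-- 2) Parameter: the statement text is fixed and @CustID is only a placeholder.
--    The engine parses the statement first and binds the value afterwards,
--    so the whole of @Input is compared to CustID as a single string.
EXEC sys.sp_executesql
    N'SELECT CustID, Name FROM #Customers WHERE CustID = @CustID;',
    N'@CustID nvarchar(100)',
    @CustID = @Input;

-- 3) The same parameterized statement with an ordinary value.
EXEC sys.sp_executesql
    N'SELECT CustID, Name FROM #Customers WHERE CustID = @CustID;',
    N'@CustID nvarchar(100)',
    @CustID = N'C001';

DROP TABLE #Customers;
```

Client libraries that send `@CustID` as a command parameter follow the pattern in steps 2 and 3: the statement text and the parameter values travel separately.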


@ is used as a prefix denoting stored procedure and function parameter names, and also variable names.


You may be used to MySQL's syntax: Microsoft SQL's @ is the same as MySQL's ?