Parameters are used to protect you from malicious user input.
But if the parameter expects a string, is it possible to write input that will be interpreted as SQL, s
The only risk would be if you perform an exec on a parameterized string.
In all other cases, parameterized queries are safe.
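As an added example (not code from the original question or answer), the following Python/sqlite3 script shows the difference the answer describes: a bound parameter is never parsed as SQL, but a parameter value that is spliced into a new SQL string and then executed (the application-side equivalent of `EXEC(@sql)`, since SQLite has no `EXEC`) is. The table and row values are constructed for the demonstration.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demonstration (not from the original post).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def lookup_parameterized(conn, name):
    # The placeholder binds `name` as data: quotes inside it are just characters,
    # so the statement's structure is fixed before the value is ever seen.
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def lookup_dynamic_exec(conn, name):
    # The pattern the answer warns about: the parameter arrived safely, but it is
    # then concatenated into a fresh SQL string that is executed as code.
    # This is what EXEC on a parameterized string does inside a stored procedure.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_dynamic_rebound(conn, name):
    # Fix for dynamic SQL: keep a placeholder in the generated statement and bind
    # the value again (the sp_executesql-with-parameters approach in T-SQL).
    sql = "SELECT name FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"          # a value containing quote characters
    print("parameterized:", lookup_parameterized(db, probe))   # [] -> treated as a literal
    print("dynamic exec: ", lookup_dynamic_exec(db, probe))    # every row -> string became SQL
    print("dynamic bound:", lookup_dynamic_rebound(db, probe)) # [] -> safe again
```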