Select the one which would lead to SQL injection attack
SqlDataAdapter myCommand = new SqlDataAdapter( "SELECT CustomerName, Email, PhoneNo FROM users WHERE cust_id = '" + txtuser.Text + "'", myConnection);
CREATE PROCEDURE procGetUser @custId VARCHAR(5) AS SELECT CustomerName, Email, PhoneNo FROM Customers WHERE cust_id = @custId
SqlDataAdapter myDataAdapter = new SqlDataAdapter("SELECT CustomerName, Email, PhoneNo FROM Customers WHERE cust_id = @cust_id", connection); myCommand.SelectCommand.Parameters.Add("@cust_id", SqlDbType.VarChar,
All the above