# Parameters in BigQuery

You can use query parameters in BigQuery hashtag#SQL (now in the console as well!) — but how are they different from variables, and when should you use each?

Both parameters and variables act as placeholders and have a defined data type. The difference is where their value comes from and how they’re used.

Parameters (like @corpus)  
👉 Are not computed inside the query  
👉 Are passed from the outside (Python, UI, API, etc.)

Variables (DECLARE, SET)  
👉 Are defined and computed inside a SQL script or stored procedure  
👉 Let you store a value and reuse it later in the same script

So what’s the real difference?  
➡️ Variables are essential for Dynamic SQL (EXECUTE IMMEDIATE)  
➡️ Parameters can filter data, but cannot control identifiers (e.g. table or column names)

🚨 Security  
When values come from user input or external sources, parameters are the safer choice—they reduce the risk of SQL injection.

🚅 Performance  
Parameters may allow the optimizer to reuse execution plans, while variables can sometimes prevent that.

![](https://cdn.hashnode.com/uploads/covers/641c1535429c76261884ecba/587b5764-27e3-4ae9-b1b9-7d9491d2663e.png align="center")

*Found it useful? Check out to my Analytics newsletter at* [*notjustsql.com*](https://notjustsql.com)*.*
