.NET - 来自非用户输入的 MySQL 查询参数

我知道在查询中使用参数可以防止SQL注入(从用户输入中获取值时(。但是，如果我想构造一个使用预定义值的查询，例如

MySqlCommand Command = Connection.CreateCommand();
Command.CommandText = "SELECT employee_address FROM employees WHERE employee_name = @employee_name";
Command.Parameters.AddWithValue("employee_name", "John");

我不能用这个代替吗？

MySqlCommand Command = Connection.CreateCommand();
Command.CommandText = "SELECT employee_address FROM employees WHERE employee_name = 'John'";

在这种情况下是否有必要使用参数？

我也可以这样做吗？

string employee_name = "John"; //value depends on some sort of selection (not user input)
MySqlCommand Command = Connection.CreateCommand();
Command.CommandText = "SELECT employee_address FROM employees WHERE employee_name = '" + employee_name + "'";