Wednesday, 21 August 2013

ADO Command.Execute With Array of Parameters & SQL Injection

Quick question... I have to work with quite a bit of legacy ASP code that
I am cleaning up, and it all uses queries that are vulnerable to SQL
injection. I have a library that I put together to replace them with
parameterized queries, and I'm wondering if there is a difference from a
security standpoint between the following approaches.
Approach 1: This is the approach shown in most examples, where parameter
objects are individually built and added to the Command object. Here's an
example from another question.
Approach 2: Use the Command.Execute method with an array of parameter
values. Example:
Command.Execute "select foo, bar from baz where a = ? and b = ?", Array(1, "BBB")
The first approach has each parameter built with its type, size, etc. all
specified, and it needs to match the database. But I've always had trouble
with that approach: weird errors and the like if everything isn't "just"
perfect. So I prefer the latter, and in fact it works with my coding style
much better, because I can encapsulate the DB logic into a class and pass
around arrays as needed without having to litter my code with tons of DB
calls.
Given that, I'm wondering, is approach #2 still safe from SQL injection
attacks?
Thanks.
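The two approaches the question compares, written out side by side in classic ASP VBScript as an added example (this is not code from the original post). It assumes a placeholder connection string and the table and columns from the question's query; the commented-out line shows the legacy concatenation pattern being replaced, in which the value becomes part of the SQL text, while in both parameterized forms the values are sent to the database as bound parameters separate from the command text.

```vbscript
' Added example, not from the original post. Assumes a placeholder
' connection string and a table baz(foo, bar, a, b) as in the question.
Option Explicit
Dim connStr, conn, cmd, rs, userInputB
connStr = "Provider=SQLOLEDB;Data Source=<server>;Initial Catalog=<db>;Integrated Security=SSPI;"
userInputB = "BBB"   ' stands in for a request value such as Request.Form("b")

Set conn = CreateObject("ADODB.Connection")
conn.Open connStr

' Legacy pattern the question describes as vulnerable: the value is spliced
' into the SQL string, so the database parses it as part of the query.
' Set rs = conn.Execute("select foo, bar from baz where a = 1 and b = '" & userInputB & "'")

' Approach 1: explicit parameter objects with type, direction and size
' declared up front (constants: 1 = adCmdText, 3 = adInteger,
' 200 = adVarChar, 1 = adParamInput).
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "select foo, bar from baz where a = ? and b = ?"
cmd.CommandType = 1
cmd.Parameters.Append cmd.CreateParameter("a", 3, 1, , 1)
cmd.Parameters.Append cmd.CreateParameter("b", 200, 1, 50, userInputB)
Set rs = cmd.Execute
rs.Close

' Approach 2: same command text with ? placeholders, values supplied as a
' Variant array; ADO binds each element as a parameter and infers its type
' from the value rather than from a declared size.
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "select foo, bar from baz where a = ? and b = ?"
cmd.CommandType = 1
Set rs = cmd.Execute(, Array(1, userInputB))
rs.Close

conn.Close
```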
