Hi, I was wondering if anyone knew of some good websites detailing prevention for SQL injection for .NET web applications. Any resources would be greatly appreciated, thank you.
The first thing to know is to parameterize your queries or use stored procs...
Never use ad-hoc SQL in code where you just append the value.
Give only read and write permissions (or only read for those pages that should not write).
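
The difference between appended and parameterized SQL described in the answer above, as an added C# example that is not part of the original posts. The `Users` table, the `dbo.GetUserByName` procedure and the column names are hypothetical, and the commands are built without a connection so the statement text and the bound value can be inspected side by side.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class UserQueries
{
    // Ad hoc SQL: the value is appended to the statement text, so a quote in
    // the input becomes part of the statement. Shown only for comparison.
    public static string BuildAdHoc(string userName)
    {
        return "SELECT Id, Email FROM Users WHERE UserName = '" + userName + "'";
    }

    // Parameterized: the statement text is fixed, and the value is sent
    // separately as a typed, length-limited parameter.
    public static SqlCommand BuildParameterized(string userName)
    {
        var cmd = new SqlCommand("SELECT Id, Email FROM Users WHERE UserName = @userName");
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 50).Value = userName;
        return cmd;
    }

    // Stored procedure (hypothetical name): parameters are bound the same way.
    public static SqlCommand BuildStoredProc(string userName)
    {
        var cmd = new SqlCommand("dbo.GetUserByName") { CommandType = CommandType.StoredProcedure };
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 50).Value = userName;
        return cmd;
    }

    static void Main()
    {
        string input = "x' OR '1'='1"; // constructed sample input

        // The appended version now carries the input as SQL syntax.
        Console.WriteLine("ad hoc:  " + BuildAdHoc(input));

        // The parameterized versions keep the same text for any input;
        // the input appears only as the parameter's value.
        foreach (var cmd in new[] { BuildParameterized(input), BuildStoredProc(input) })
        {
            using (cmd)
            {
                Console.WriteLine("text:    " + cmd.CommandText);
                Console.WriteLine("@userName = " + cmd.Parameters["@userName"].Value);
            }
        }
        // To execute, assign cmd.Connection to an open SqlConnection whose
        // login has only the read/write rights the page needs.
    }
}
```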