Addressing SQL Injection Attacks
What is a SQL Injection Attack? Here is the definition (from the article by Paul Litwin in the September 2004 MSDN Magazine).
The basic idea behind a SQL injection attack is this: you create a Web page that allows the user to enter text into a textbox that will be used to execute a query against a database. A hacker enters a malformed SQL statement into the textbox that changes the nature of the query so that it can be used to break into, alter, or damage the back-end database.
How do you go about preventing it? Litwin's article covers that too: Stop SQL Injection Attacks Before They Stop You.
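As an added illustration (not code from Litwin's article or from this page), here is the pattern that definition describes, a query built by pasting textbox input into SQL text, placed beside the standard remedy, a parameterised query. It uses Python's sqlite3 module and a constructed in-memory users table; the user names and e-mail addresses are made up.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"),
                      ("bob", "bob@example.com"),
                      ("o'brien", "obrien@example.com")])
    return conn

def lookup_vulnerable(conn, username):
    # String concatenation: whatever was typed becomes part of the SQL text,
    # so quotes and operators inside it are parsed as SQL, not treated as data.
    sql = "SELECT email FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn, username):
    # Parameterised query: the value is sent separately from the SQL text and
    # is only ever compared as data, so it cannot change the query's structure.
    sql = "SELECT email FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]

def demo():
    conn = make_db()
    results = {}
    # Ordinary input: both versions return the same single row.
    results["normal_vuln"] = lookup_vulnerable(conn, "alice")
    results["normal_safe"] = lookup_safe(conn, "alice")
    # A legitimate name containing an apostrophe: concatenation yields
    # invalid SQL (a reliability bug long before any attacker shows up).
    try:
        lookup_vulnerable(conn, "o'brien")
        results["apostrophe_vuln"] = "no error"
    except sqlite3.Error:
        results["apostrophe_vuln"] = "syntax error"
    results["apostrophe_safe"] = lookup_safe(conn, "o'brien")
    # The textbook tautology: the WHERE clause now matches every row in the
    # vulnerable version, while the safe version simply finds no such user.
    tautology = "' OR '1'='1"
    results["tautology_vuln"] = lookup_vulnerable(conn, tautology)
    results["tautology_safe"] = lookup_safe(conn, tautology)
    return results
```

Running demo() shows the concatenated query leaking every e-mail address for the tautology input and failing outright on "o'brien", while the parameterised query handles both correctly.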