6 Tips to Prevent SQL Injection when Programming with ASP.NET


ASP.NET gives us a solid set of mechanisms for preventing SQL injection. There are some rules of thumb that should be followed in order to prevent injection attacks on our websites:
  1. User input should never be trusted. It should always be validated.
  2. Dynamic SQL should never be built by string concatenation.
  3. Always prefer stored procedures.
  4. If dynamic SQL is needed, it should be issued through parameterized commands (see the C# example).
  5. All sensitive and confidential information should be stored encrypted.
  6. The application should never use or access the database with administrator privileges.
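Tip 4 refers to a C# example; the one below is added here and is not from the original post. It puts the string-concatenated query (tip 2 violated) beside its parameterized replacement (tip 4) and the stored-procedure form (tip 3). The `Users` table, the stored procedure `dbo.usp_FindUserByName` and the connection string are assumptions.

```csharp
using System.Data;
using System.Data.SqlClient;

public static class UserRepository
{
    // Tip 2 violated: the user-controlled value becomes part of the SQL text,
    // so any quote or keyword it contains is parsed as SQL syntax.
    public static string UnsafeQuery(string userName)
    {
        return "SELECT Id, Email FROM Users WHERE UserName = '" + userName + "'";
    }

    // Tip 4: the SQL text is fixed; the value travels separately as a typed
    // parameter and cannot change the structure of the statement.
    public static DataTable FindUserSafe(string connectionString, string userName)
    {
        const string sql = "SELECT Id, Email FROM Users WHERE UserName = @UserName";
        var table = new DataTable();
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Declaring type and length also enforces a size limit on the input (tip 1).
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName;
            conn.Open();
            using (var reader = cmd.ExecuteReader()) table.Load(reader);
        }
        return table;
    }

    // Tip 3: the same lookup through a stored procedure (assumed name);
    // the argument is still passed as a parameter, never concatenated.
    public static DataTable FindUserViaProc(string connectionString, string userName)
    {
        var table = new DataTable();
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand("dbo.usp_FindUserByName", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName;
            conn.Open();
            using (var reader = cmd.ExecuteReader()) table.Load(reader);
        }
        return table;
    }
}
```

A stored procedure only helps if its body does not itself build dynamic SQL from its arguments; the parameter binding shown is what keeps the input out of the statement's syntax.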
Wait for my explanation of all these tips, one by one ;)