While I was at SQL Intersection yesterday, I was asked if Microsoft has any best practice guidance on avoiding SQL Injection attacks.

I asked around a bit and, sure enough, yes we do.

Best Practice Guidance on SQL Injection Proections