SQL injection

[Mondeo]

Whats the best way to prevent this, I mean to prevent malformed user input from causing an exception.

Ive realised the obvious of removing any apostrophies before generating the SQL statement but ive no doubt theres a lot more to it than than!

 

[PlausiblyDamp]

Use stored procedures or parametrised queries. Basically avoid string concatenation in any of its forms.