The other day I was showing a colleague some code I was working on, and in passing he commented on the fact that I have hard-coded SQL statements. Now these SQL statements a
Stored procedures. Prevents all sorts of possible issues with injection, maintenance. Put database code where database code belongs.
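An added example (not part of the original posts) for the injection point raised above: a hard-coded statement kept as a constant, with input passed only as bound parameters, matches a crafted value as data, which is the binding that parameterized stored-procedure calls and ORMs also rely on. It uses Python's `sqlite3` with a constructed `users` table; every name in it is an assumption made for illustration.

```python
import sqlite3

# Hard-coded statement text: the SQL is a constant, user input is only ever bound.
FIND_USER = "SELECT id, name FROM users WHERE name = ?"
# Identifiers cannot be bound as parameters, so sortable columns are allow-listed.
SORTABLE = {"id": "id", "name": "name"}


def make_db():
    """Build a constructed in-memory table for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return db


def find_concatenated(db, name):
    """Vulnerable form: input is spliced into the statement text."""
    return db.execute(
        "SELECT id, name FROM users WHERE name = '" + name + "'"
    ).fetchall()


def find_bound(db, name):
    """Hardened form: same hard-coded SQL, input passed as a bound parameter."""
    return db.execute(FIND_USER, (name,)).fetchall()


def list_sorted(db, column):
    """Sort by a caller-chosen column, accepting only allow-listed names."""
    if column not in SORTABLE:
        raise ValueError("unsupported sort column: %r" % column)
    return db.execute(
        "SELECT id, name FROM users ORDER BY " + SORTABLE[column]
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input
    print(find_concatenated(db, crafted))  # every row comes back
    print(find_bound(db, crafted))         # no row: treated as a literal name
    print(list_sorted(db, "name"))
```

The allow-list in `list_sorted` covers the case binding cannot: column and table names have to be chosen from fixed values, whichever of the approaches in this thread is used.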
ORM tool (like Hibernate, SubSonic, etc.) means you never see a line of T-SQL in the first place. Steeper learning curve, but a great practice to start sooner rather than later.