SQL Injection in .NET

Question

Hi I was wondering if anyone knew of some good websites detailing prevention for SQL injection for .NET web applications. Any resources would be greatly appricated, thank you.

Answer 1

If you use the SqlCommand.Parameters collection to pass parameters and never inject user text into you Sql query text, there's no risk.