Computerworld

Beyond stored procedures: Defense-in-depth against SQL injection

SPI Dynamics – A few years ago, mentioning the phrase “SQL injection” to developers would probably get you blank stares. Today, while more developers have heard of SQL injection 1 attacks and know the ...
Ars Technica

Using stored procedures for all sql?

Right now I'm working on an application (ASP.NET 2.0, SQL 2005) which uses stored procedures for all SQL, apparently so nobody has to "play find the SQL" (their words) in the application.<BR><BR>The ...