This tip is inspired by the article two-steps-forward-to-more-secure-applications. The first part of the article discusses the SQL injection attack and how to write code that is protected from it.
After reading the article you will know that the easy way to protect your code is to use SQL binding. Wow? One more reason to ALWAYS use SQL binding! The other well-known reasons are:
- it reduces CPU time on both the client and the server, because there are no string concatenations on the client side and less work for the parser on the server side.
- it enables use of the Query Pool, because the SQL command is the same byte for byte.
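The following is an added example, not code from the article: it runs the same lookup with string concatenation and with a bound parameter, and counts how many distinct SQL texts each style sends. The `users` table, its rows, the function names and the use of Python's `sqlite3` module are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, in memory only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "a-secret"), ("bob", "b-secret")])
    return conn

def lookup_concat(conn, name):
    # Unsafe: the value becomes part of the SQL text, so a quote
    # character in it can change the structure of the statement.
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return sql, conn.execute(sql).fetchall()

BOUND_SQL = "SELECT secret FROM users WHERE name = ?"

def lookup_bound(conn, name):
    # Safe: the SQL text is constant; the value travels separately
    # and is only ever compared as data.
    return BOUND_SQL, conn.execute(BOUND_SQL, (name,)).fetchall()

def distinct_statements(lookup, conn, names):
    # Number of different SQL texts the server has to parse.
    return len({lookup(conn, n)[0] for n in names})

if __name__ == "__main__":
    conn = make_db()
    odd_input = "x' OR '1'='1"  # constructed input containing quotes
    print("concat rows:", lookup_concat(conn, odd_input)[1])
    print("bound rows: ", lookup_bound(conn, odd_input)[1])
    names = ["alice", "bob"]
    print("concat statements:", distinct_statements(lookup_concat, conn, names))
    print("bound statements: ", distinct_statements(lookup_bound, conn, names))
```

With binding the statement text never changes between calls, which is what lets a statement cache or query pool reuse the parsed command.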