Minimise SQL injection in ASP.NET
According to this blog, SQL injection still accounts for a large number of attacks. Here are three things you can use to prevent SQL injection.
1. Use a least-privileged database account.
2. Constrain and sanitize user input (client and server validation).
3. Use parametrized SQL statements instead of dynamic SQL.
Most importantly, you need to know how a hacker would hack your site, i.e. have a hacker mindset as a programmer when you do your job.
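Items 2 and 3 of the list above, side by side, as an added C# example that is not from the original post. The table dbo.Users, its columns, the 32-character allow-list and the class name UserLookup are assumptions made for illustration; the commands are built with System.Data.SqlClient but never executed, so the sketch runs without a database.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class UserLookup
{
    // Item 2: server-side allow-list. Client-side checks can be bypassed,
    // so the server must repeat them. Pattern and length are assumptions.
    private static readonly Regex UserNamePattern =
        new Regex(@"\A[A-Za-z0-9_.-]{1,32}\z", RegexOptions.CultureInvariant);

    public static bool IsValidUserName(string input)
    {
        return input != null && UserNamePattern.IsMatch(input);
    }

    // Dynamic SQL (the pattern to avoid): input becomes part of the statement text.
    public static SqlCommand BuildDynamic(string userName)
    {
        return new SqlCommand(
            "SELECT Id, Email FROM dbo.Users WHERE UserName = '" + userName + "'");
    }

    // Item 3: the statement text is constant; input travels as a typed parameter.
    public static SqlCommand BuildParameterized(string userName)
    {
        var cmd = new SqlCommand(
            "SELECT Id, Email FROM dbo.Users WHERE UserName = @userName");
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 32).Value = userName;
        return cmd;
    }

    public static void Main()
    {
        // Constructed sample inputs: one ordinary name, one containing quotes.
        foreach (var input in new[] { "alice", "x' OR '1'='1" })
        {
            Console.WriteLine("input:         " + input);
            Console.WriteLine("valid:         " + IsValidUserName(input));
            Console.WriteLine("dynamic:       " + BuildDynamic(input).CommandText);
            var safe = BuildParameterized(input);
            Console.WriteLine("parameterized: " + safe.CommandText);
            Console.WriteLine("  @userName =  " + safe.Parameters["@userName"].Value);
        }
    }
}
```

For the second input the dynamic command text changes shape while the parameterized text stays identical; the connection used to execute it should still belong to a least-privileged account, per item 1.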