• Beauty is a tenuous term at best. Solving the problem and providing a solution are, in a sense, beauty. Take a datagrid and plug in sortable columns, custom user-selected page sizes and have it display a fair amount of data in 10 or more columns and you are "bad" because you have "dynamic SQL" and, heaven forbid, you can read it in the code-behind. I would suggest that for most, this solution is "beauty".

    As a rule, the simplistic answer is that to defeat SQL injection, we must use stored procedures. Okay, so when that is done, what is the next crisis that will be created by the ne'er-do-well hackers of the world? I support Stephen's theory and thank him for some insight.