Timothy,
The following articles may be of use to you.:w00t:
http://www.sqlservercentral.com/articles/Security/updatedsqlinjection/2065/
http://www.mssqltips.com/tip.asp?tip=1455
http://www.sommarskog.se/dynamic_sql.html
http://msdn2.microsoft.com/en-us/magazine/cc163917.aspx
----------------------------------------------------------------------------
"No question is so difficult to answer as that to which the answer is obvious." - George Bernard Shaw