Michael Valentine Jones (3/18/2009)
It isn't always easy to convince even experienced developers that SQL Injection can be a problem. Look at this current thread.Avoiding injection on stored procedure
I've put a suggestion at http://www.sqlservercentral.com/Forums/Topic678702-8-2.aspx for that one.