mtaylor7210 63514 (4/13/2010)
True but anytime you are taking parameters you open yourself up to injection.
No, I believe you are mistaken.
Please explain why you think using parameterized stored procedures opens you up to SQL injection?
Unless, of course, you use those parameters to create dynamic SQL.