
Preventing SQL Injection in ASP.NET

Example
// Parameterized query: the request value is bound to a placeholder rather than
// concatenated into the SQL text.

// Value taken from the request; treat it as untrusted input.
// NOTE(review): getRequestString is not shown here; presumably it returns the raw string. Confirm.
txt_user_id = getRequestString("user_id");
// The query text is a fixed literal. @0 marks where the parameter value is bound,
// so the input cannot change the structure of the statement.
sql = "SELECT * FROM customers WHERE customer_id = @0";
// NOTE(review): only the SQL text is passed to the constructor. ExecuteReader needs
// command.Connection set to an open SqlConnection; presumably omitted from this excerpt.
command = new SqlCommand(sql);
// Binds the request value to @0. AddWithValue infers the SQL type from the .NET value
// (a .NET string is sent as nvarchar). If customer_id is numeric (not shown here),
// parse and validate the input first and bind it with an explicit SqlDbType via
// Parameters.Add, so malformed input is rejected before it reaches the database.
command.Parameters.AddWithValue("@0",txt_user_id); 
// The returned SqlDataReader is discarded in this excerpt; real code should read the
// rows and dispose the reader (and the command) when done.
command.ExecuteReader();