Data Security: Stop SQL Injection Attacks Before They Stop You -- MSDN Magazine, September 2004

Data Security: Stop SQL Injection Attacks Before They Stop You -- MSDN Magazine, September 2004: "rmed with advanced server-side technologies like ASP.NET and powerful database servers such as Microsoft� SQL Server�, developers are able to create dynamic, data-driven Web sites with incredible ease. But the power of ASP.NET and SQL can easily be used against you by hackers mounting an all-too-common class of attack�the SQL injection attack.
The basic idea behind a SQL injection attack is this: you create a Web page that allows the user to enter text into a textbox that will be used to execute a query against a database. A hacker enters a malformed SQL statement into the textbox that changes the nature of the query so that it can be used to break into, alter, or damage the back-end database. How is this possible? Let me illustrate with an example."