Meditech NPR Reports / NPR Report Writing / NPR Report Writer / Meditech NPR / Non-Procedural Report / Meditech Consulting / Meditech Reports .NET 2.0: Casting Values to Defend Against SQL Injection

Monday, February 26, 2007

Casting Values to Defend Against SQL Injection


"When using numeric fields in a database-driven application, make sure you actually cast those variables to an appropriate numeric type before using them. Doing so will prevent SQL insertion attacks by throwing an exception if a user places something nonnumeric into that field. With a little more work, the error handler could be configured to fire off an alert, or write to a log file, almost like a mini application-level intrusion detection system."

Author: Lamont Adams
Url: http://builder.com.com/5100-6387-1044869.html
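
The tip above, sketched in C# 2.0 as an added example; it is not code from Lamont Adams's article. The `Patients` table, `PatientId` column and `NumericInputGuard` class are hypothetical names, and the sample inputs are constructed. It goes one step past the quoted advice by also binding the cast value as a typed parameter.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics;
using System.Globalization;

static class NumericInputGuard  // hypothetical helper, not part of any library
{
    // Casts raw request text to Int32; anything non-numeric throws before SQL is built.
    public static int ParseId(string raw, string fieldName)
    {
        try
        {
            // NumberStyles.None accepts digits only: no sign, whitespace or separators.
            return int.Parse(raw, NumberStyles.None, CultureInfo.InvariantCulture);
        }
        catch (Exception ex)
        {
            if (!(ex is FormatException || ex is OverflowException || ex is ArgumentNullException))
                throw;
            // The "mini intrusion detection" hook: record the rejected value, then fail.
            // Trace calls are compiled in only when TRACE is defined (the Visual Studio default).
            Trace.TraceWarning("Rejected non-numeric value for {0}: [{1}]", fieldName, raw);
            throw new ArgumentException("Field '" + fieldName + "' must be numeric.", ex);
        }
    }

    // The validated value is bound as a typed parameter, never concatenated into the SQL text.
    public static SqlCommand BuildLookup(string rawPatientId)
    {
        SqlCommand cmd = new SqlCommand("SELECT Name FROM Patients WHERE PatientId = @id");
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = ParseId(rawPatientId, "PatientId");
        return cmd;
    }

    static void Main()
    {
        Trace.Listeners.Add(new ConsoleTraceListener());
        // Constructed inputs: one valid id and one string that is not purely numeric.
        foreach (string raw in new string[] { "1042", "1042 OR 1=1" })
        {
            try
            {
                SqlCommand cmd = BuildLookup(raw);
                Console.WriteLine("OK: @id = {0}", cmd.Parameters["@id"].Value);
            }
            catch (ArgumentException ex) { Console.WriteLine("Blocked: {0}", ex.Message); }
        }
    }
}
```

The second input is rejected by the cast and logged before any command object exists, so the query text never sees it.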
