Additionally, for new projects as well as old projects, we can maintain the following best practices to avoid the attack.
1. Use escape character routines to handle special
2. Use stored procedures rather than dynamic query where
3. Use parameterized query in case of dynamic query
4. Use HtmlEncode and decode techniques to show HTML data
5. Use a least-privileged database account: only the stored procedure will have the permission for update/insert and the script will have only
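To make practices 3 and 4 concrete, here is an added example (not code from the original text) that puts a concatenated dynamic query beside its parameterized form and HTML-encodes stored data before display; the table, rows and function names are constructed for the demonstration, and the tautology input is the classic test value used to check that binding works.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory sample table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, bio TEXT)")
    conn.executemany(
        "INSERT INTO users (name, bio) VALUES (?, ?)",
        [("alice", "admin <b>bold</b>"), ("bob", "plain")],
    )
    conn.commit()
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # Dynamic query built by string concatenation: user input is parsed as SQL,
    # so a value such as ' OR '1'='1 turns the WHERE clause into a tautology.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameterized query (practice 3): the driver binds the value as data,
    # so the same input simply matches no row.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def render_bio(conn: sqlite3.Connection, name: str) -> list:
    # Practice 4: HTML-encode database content before placing it in a page,
    # so markup stored in the database is shown as text, not interpreted.
    rows = conn.execute("SELECT bio FROM users WHERE name = ?", (name,)).fetchall()
    return [html.escape(row[0]) for row in rows]


def demo() -> dict:
    """Run both lookups with the tautology input and encode alice's bio."""
    conn = make_db()
    tautology = "' OR '1'='1"
    return {
        "unsafe": find_user_unsafe(conn, tautology),  # returns every user
        "safe": find_user_safe(conn, tautology),      # returns []
        "bio": render_bio(conn, "alice"),
    }
```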