I am going to use MSSQL 2000 to develop the web application.
But I am told to use inline SQL (i.e. not stored procedures) to develop the web application.
I am concerned about SQL injection.
Will the preparedStatement help to eliminate the problem of SQL injection?
If not, are there any written classes that can help us to format the user input?