I have read several articles on MSDN, here at Experts-Exchange, etc. to better understand SQL injection and prevention standards. Below is a result of this research. However, I would appreciate it if someone could confirm that this is the path I need to take.
Thank you in advance.
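CREATE PROCEDURE [dbo].[sp_addNavElement]
    @navID varchar(30),   -- input parameters; types match @parameters below
    @navURL varchar(30)
AS
DECLARE @cmd nvarchar(max)
DECLARE @parameters nvarchar(max)
-- The statement text holds only parameter placeholders, no concatenated input
SET @cmd = N'INSERT INTO navSystemA (navID, navURL, navOrder) Values (@navID, @navURL, (select count(*) from navSystemA)+ 1 )'
SET @parameters = N'@navID varchar(30), @navURL varchar(30)'
-- sp_executesql binds the values as data, not as SQL text
EXEC sp_executesql @cmd, @parameters, @navID, @navURL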
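
Added example, not part of the original post: the same insert run three ways against a scratch table, to show why parameter binding matters and that a plain static statement is just as safe when only values vary. The temp table `#navSystemA` and the sample input are constructed for illustration; it assumes SQL Server 2008 or later.

```sql
-- Scratch table standing in for navSystemA (constructed for this example)
CREATE TABLE #navSystemA (navID varchar(30), navURL varchar(30), navOrder int);

-- Constructed input containing a quote and SQL fragments
DECLARE @navID  nvarchar(30) = N'home'', ''/changed'', 999) --';
DECLARE @navURL nvarchar(30) = N'/home';
DECLARE @cmd    nvarchar(max);

-- 1) Vulnerable pattern: the input is concatenated into the statement text.
--    The quote inside @navID ends the string literal early, so the rest of
--    the input is parsed as SQL and replaces the intended URL and order.
SET @cmd = N'INSERT INTO #navSystemA (navID, navURL, navOrder) VALUES ('''
         + @navID + N''', ''' + @navURL + N''', 1)';
EXEC sp_executesql @cmd;

-- 2) Pattern from the post: the statement text is constant and the values
--    are passed as typed parameters, so the input is stored as plain data.
SET @cmd = N'INSERT INTO #navSystemA (navID, navURL, navOrder)
             VALUES (@navID, @navURL, (SELECT COUNT(*) FROM #navSystemA) + 1)';
EXEC sp_executesql @cmd,
     N'@navID varchar(30), @navURL varchar(30)',
     @navID = @navID, @navURL = @navURL;

-- 3) Static SQL: variables in an ordinary statement are also bound as data.
--    Dynamic SQL is only needed when the statement text itself must change.
INSERT INTO #navSystemA (navID, navURL, navOrder)
VALUES (@navID, @navURL, (SELECT COUNT(*) FROM #navSystemA) + 1);

-- Compare the row written by step 1 with the rows from steps 2 and 3
SELECT navID, navURL, navOrder FROM #navSystemA ORDER BY navOrder;

DROP TABLE #navSystemA;
```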