Validating User Input
One of our favorite security maxims is "Never trust user input." Most other factors in your application are under your control, but anything a user supplies crosses a security boundary and should be mistrusted until proved benign.
We described a classic example of this in Chapter 7 when we discussed how a user could perform a SQL injection attack. For example, with the SQL Server CE RDA SubmitSql method or the classes in System.Data.SqlClient, you can execute Transact-SQL (T-SQL) commands directly against a SQL Server database. You might build the T-SQL statement with code such as "UPDATE Cars SET Color ='" + TextBox1.Text + "'", expecting the user to enter a value such as Red, Blue, or Yellow.
What if the user enters: "
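The following is an added example, not code from the book, showing what the concatenated UPDATE above does when the text box holds SQL rather than a color, and the two defenses that stop it. It uses Python's sqlite3 module in place of System.Data.SqlClient or SQL Server CE so that it runs stand-alone; the Cars table, the sample rows, and the payload string are constructed for this example. The `?` placeholder plays the role of a SqlParameter (for instance `@color`) in System.Data.SqlClient, and the allow-list check is for an API such as RDA SubmitSql that accepts only a raw T-SQL string and offers no parameters.

```python
import sqlite3

# Constructed sample data standing in for the book's Cars table.
SAMPLE_CARS = [("Red",), ("Blue",), ("Yellow",)]

# A malicious value typed into TextBox1 (constructed for this example): closes the
# string literal, appends a second statement, and comments out the trailing quote.
PAYLOAD = "Red'; DELETE FROM Cars; --"

# Allow-list used when only a raw SQL string can be sent (assumption: the
# application only ever needs these three colors).
ALLOWED_COLORS = frozenset({"Red", "Blue", "Yellow"})


def make_db():
    """Create an in-memory database with a small Cars table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Cars (Id INTEGER PRIMARY KEY, Color TEXT NOT NULL)")
    conn.executemany("INSERT INTO Cars (Color) VALUES (?)", SAMPLE_CARS)
    conn.commit()
    return conn


def update_color_concatenated(conn, user_text):
    """Vulnerable: builds the statement by string concatenation, as in the text."""
    sql = "UPDATE Cars SET Color ='" + user_text + "'"
    # executescript runs the whole batch, the way a T-SQL batch handed to
    # SubmitSql would, so every statement the user smuggled in is executed.
    conn.executescript(sql)
    return sql


def update_color_parameterized(conn, user_text):
    """Fixed: the value is bound as a parameter and never becomes SQL text."""
    conn.execute("UPDATE Cars SET Color = ?", (user_text,))
    conn.commit()


def validate_color(user_text):
    """Allow-list check for the case where only a raw SQL string can be sent."""
    if user_text not in ALLOWED_COLORS:
        raise ValueError("rejected input: %r" % (user_text,))
    return user_text


def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM Cars").fetchone()[0]


def colors(conn):
    return {row[0] for row in conn.execute("SELECT Color FROM Cars")}


def demo_injection():
    """Run the vulnerable update with the payload; the smuggled DELETE empties the table."""
    conn = make_db()
    sql = update_color_concatenated(conn, PAYLOAD)
    return sql, row_count(conn)


def demo_parameterized():
    """Run the fixed update with the same payload; it is stored as a harmless literal."""
    conn = make_db()
    update_color_parameterized(conn, PAYLOAD)
    return row_count(conn), colors(conn)


if __name__ == "__main__":
    sql, remaining = demo_injection()
    print("executed:", sql)
    print("rows after injection:", remaining)
    remaining, cols = demo_parameterized()
    print("rows after parameterized update:", remaining, cols)
    try:
        validate_color(PAYLOAD)
    except ValueError as err:
        print(err)
```

With the concatenated form the server receives `UPDATE Cars SET Color ='Red'; DELETE FROM Cars; --'` and runs both statements; with the parameterized form every row's Color becomes the literal text of the payload and nothing else happens. Prefer parameters wherever the API offers them, and fall back to a strict allow-list only where, as with SubmitSql, the statement must be shipped as a string.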