⟩ Do you know how an institute or a company can safeguard itself from SQL injection?
An organization can rely on the following methods to guard itself against SQL injection:
☛ Sanitize user input: User input should never be trusted; it must be sanitized before it is used.
☛ Stored procedures: These can encapsulate the SQL statements and treat all input as parameters.
☛ Regular expressions: Detecting and discarding harmful code before executing SQL statements.
☛ Database connection user access rights: Only the necessary, limited access rights should be given to the accounts used to connect to the database.
☛ Error messages: Error messages should not be specific about where exactly the error occurred; they should be more generalized.
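As an added illustration (example code, not part of the original answer) of the "treat all input as parameters", "regular expressions" and "error messages" points above, the following uses Python's built-in sqlite3 module and a constructed in-memory users table. It places a lookup that concatenates input into the statement next to one that passes the value as a query parameter, adds an allowlist check on the username, and returns only a generic error to the caller. The table name, the username pattern and the error strings are assumptions made for the example.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data: an in-memory table with two users (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, secret) VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    # Untrusted input is spliced into the SQL text, so the database parses
    # whatever the caller sent as part of the statement. Shown only to
    # contrast with the parameterized version below.
    query = (
        "SELECT username FROM users WHERE username = '"
        + username
        + "' ORDER BY username"
    )
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, username):
    # The value travels as a bound parameter: it is compared as data and is
    # never interpreted as SQL, whatever characters it contains.
    query = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(query, (username,))]


# Allowlist pattern for a plausible username (assumed policy for the example).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def validate_username(username):
    # Regular-expression check applied before the query runs; anything that
    # does not fully match the allowlist is rejected outright.
    return USERNAME_RE.fullmatch(username) is not None


def safe_lookup(conn, username):
    """Validate the input, query with a parameter, and never leak driver details."""
    if not validate_username(username):
        return {"ok": False, "error": "invalid request"}
    try:
        rows = lookup_parameterized(conn, username)
    except sqlite3.Error:
        # Generic message for the caller; the specific exception belongs in
        # server-side logs, not in the response.
        return {"ok": False, "error": "request could not be processed"}
    return {"ok": True, "rows": rows}


if __name__ == "__main__":
    db = make_db()
    print(lookup_parameterized(db, "alice"))
    print(safe_lookup(db, "bob"))
```

Running the block prints the single matching row for each normal lookup. The design point is that validation and parameterization are independent layers: the allowlist shrinks the input space and gives a clean rejection path, while the bound parameter is what actually prevents the database from treating input as code, so the second protection still holds if the first is ever relaxed.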