Security needs to be multiple levels deep. At one point in time several years ago there was a trend to have all websites code use stored procedures. I heard developers say it prevented
SQL Injection.If the database you use allows you to build
SQL statements with a string dynamically at run time ...
More...