http://weblogs.asp.net/ericjsmith/archive/2005/06/30/417001.aspxIs Dynamic SQL in Your Stored Procedures Vulnerable to SQL Injection? ... article. Since writing sprocs as outlined in Erland's article can be tedious, I created a CodeSmith template that will do the work for you. You only need to input the table youenCommunityServer 2007 SP1 (Build: 20510.895)