Using parameterized SQL queries
Now that I'm working for myself (have I mentioned that lately? ;)), I'm going to try to devote more attention to uber:ASP.Net. I had such good intentions for that site before I went back to work for The Man in January, but I quickly slacked off due to a lack of time.
This is really, really basic stuff for the blogging audience, probably, but I keep seeing people in various forums doing unsafe things when passing form data into SQL queries. I've been meaning to whip up a quick article on it forever, and I finally got around to it tonight! Feel free to link to it any time you see that n00b code in your favorite forum where someone is having unprotected SQL.