This is because SQL injection is a code injection technique that is used to attack data-driven application with malicious SQL statements. It is used to steal data from organizations. it is one of the most common application layer attack techiques used today. This type of attack takes advantage of improper coding of an application which allows the hacker to inject SQL commands.
Read the rest of the post here:Â http://www.mikesdotnetting.com/Article/113/Preventing-SQL-Injection-in-ASP.NET