OWASP has a great website discussing SQL injection:
The Open Web Application Security Project is an effort to help the programming community secure their websites.
And I will copy a couple of lines from their SQL_Injection_prevention_Cheat_sheet because it is important:
- Option #1: Use of Prepared Statements (Parameterized Queries)
- Option #2: Use of Stored Procedures
- Option #3: Escaping all User Supplied Input
A Sigma Scan (Σ) can help uncover any potential SQL injection vulnerabilities.
To truly make sure that your site does not have any vulnerabilities, it is a good idea to test and independently verify these