Preventing SQL Injection
Date: April 05, 2012 09:59AM
Hello guys, I just want to share and gain more knowledge from all of you.
I just want to list some steps that can be taken in order to prevent SQL injection attacks. I gathered all those things from my knowledge and my readings. Correct me if I am wrong, and feel free to add more ways to prevent SQLi; I hope you will do so. Some are taken from websecurityinnovation, the internet, and researchers.
I hope we can benefit from this.
WEB APPLICATION LEVEL
+use aliases when constructing queries
+limit the length of form fields
+use field names that differ from the database column names
+audit code
+input type checking
+encoding of inputs
+positive pattern matching
+identification of all input sources
+parameterized queries
+prepared statements
DATABASE LEVEL
+use difficult-to-guess table and column names
+validate data on the server side
+keep patches up to date
+ensure the schema is unique
+use stored procedures
+least privilege
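As an added example that is not part of the original post, the script below puts several of the listed steps side by side in Python with the standard-library sqlite3 module: a query built by string concatenation (the vulnerable form), the same lookup as a parameterized query/prepared statement, an allow-list (positive pattern matching) with a length limit on the input, and, at the database level, least privilege enforced by an authorizer that leaves the connection read-only. The `users` table, its rows and the `username` rule are constructed for the demonstration; the function names are the example's own.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data for the demo: a small in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


# WEB APPLICATION LEVEL: positive pattern matching plus a length limit.
# Allow-list (assumed rule for this demo): lowercase letter first, then up to
# 15 more letters, digits or underscores, i.e. at most 16 characters in total.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,15}")


def is_valid_username(value):
    """Return True only if value matches the allow-list completely."""
    return isinstance(value, str) and USERNAME_RE.fullmatch(value) is not None


def find_user_vulnerable(conn, name):
    """Vulnerable form: the input is spliced into the SQL text itself, so any
    quote characters in it become part of the query's syntax."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return [row[1] for row in conn.execute(sql)]


def find_user_parameterized(conn, name):
    """Parameterized query / prepared statement: the SQL text is fixed and the
    value is bound separately, so it is always treated as data."""
    cur = conn.execute("SELECT id, name FROM users WHERE name = ?", (name,))
    return [row[1] for row in cur]


def find_user_safe(conn, name):
    """Defence in depth: validate the input first, then use the parameterized
    query. Rejected input never reaches the database at all."""
    if not is_valid_username(name):
        raise ValueError("rejected input: %r" % (name,))
    return find_user_parameterized(conn, name)


# DATABASE LEVEL: least privilege. The application only needs to read users,
# so an authorizer denies every action except SELECT and column reads.
def restrict_to_read_only(conn):
    def authorizer(action, arg1, arg2, dbname, source):
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY

    conn.set_authorizer(authorizer)


def try_delete(conn):
    """Return True if the connection was allowed to delete rows, else False."""
    try:
        conn.execute("DELETE FROM users")
        conn.commit()
        return True
    except sqlite3.Error:
        return False


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed input containing quote characters
    print("vulnerable   :", find_user_vulnerable(db, probe))
    print("parameterized:", find_user_parameterized(db, probe))
    print("allow-list   :", is_valid_username(probe))
    restrict_to_read_only(db)
    print("delete allowed:", try_delete(db))
    print("read still ok :", find_user_safe(db, "bob"))
```

The concatenated version returns every row for the probe input because the quotes change the query's structure; the parameterized version returns nothing, since the same string is compared literally against the `name` column. The allow-list rejects the probe before any query runs, and once the authorizer is installed a `DELETE` fails with a "not authorized" error while the lookups keep working, which is the least-privilege point from the list: a compromised query path can only do what the account was granted.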