Use stored procs as the first defense.
>Hi everybody,
>
>I'm thinking, that instead of trying to intercept every request we may try to use UPDATE/INSERT triggers for every table and reject entries contaning < script > Does it sound like a better approach?
>
>What do you think?
>
>Thanks in advance.
Craig Berntson
MCSD, Microsoft .Net MVP, Grape City Community Influencer