科技回声
A tech news platform built on Next.js, providing global tech news and discussion.
© 2025 科技回声. All rights reserved.

SQL Injection Pocket Reference (Google Doc)

112 points by rudenoise, almost 14 years ago

2 comments

nbpoole, almost 14 years ago
Noticed a small mistake in the MySQL section:

    Error Based: AND (SELECT * FROM SOME_EXISTING_TABLE) = 1

Unless SOME_EXISTING_TABLE has no more than one row, that query will fail. See http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html:

"For a comparison of the subquery to a scalar, the subquery must return a scalar."

It's easy to fix: just add LIMIT 1 to the end of the sub-select.

---

This document is very useful. I've been doing web app security for a while and I haven't run across some of these techniques before (e.g. PROCEDURE ANALYSE()). I didn't realize that PDO_MYSQL allowed for multiple queries by default either (although it makes sense, since historically other RDBMS have supported it).
NY_Entrepreneur, almost 14 years ago
HELP! I don't 'get it'!

Looking at that list of SQL injection attack techniques, I don't see the threat.

Or: Yes, I'm building a Web site, and the server will be running SQL Server.

Some of my Web pages have users enter data in text boxes. So, they could enter a SQL command in a text box.

Then when the Web page is returned to my Web server as a 'post back', my software reads the data in the text boxes.

I have the page built, have code for extracting the data from the text boxes and putting it in, say, string variables in Visual Basic .NET, and now am writing the code for looking at the data in the strings from the text boxes.

So far, I see no threat.

So, I intend to look at the data in the strings and see if it looks anything like a SQL command. Anything that looks like a SQL command will get rejected as bad data and not get near my SQL Server database. Maybe I will write the bad data to my log file.

So, I'm checking the input data from the users. I am assuming that the input data could be anything at all until my code establishes otherwise.

Doesn't everyone do such checking?

With such checking, where is the threat of 'SQL injection'?

If SQL injection is a threat, then why? Just from people not checking input data from users? Some other reason?
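As an added example (not code from the thread or from the linked document), the following Python script uses sqlite3 as a stand-in for SQL Server and VB.NET to show why a "does it look like a SQL command?" check on text box input does not remove the threat described in the question above. The issue is not that a user types a whole SQL statement: once user text is concatenated into the statement string, the database parser treats every character of it, including a single quote, as part of the statement. The keyword filter, the function names, the table and its rows, and the test inputs are all constructed for this illustration; the parameterized query is the standard mitigation.

```python
import sqlite3

# A naive "looks like SQL" filter of the kind proposed above (constructed for
# illustration). Note that a list like this either blocks legitimate text that
# happens to contain a keyword, or misses input that never names a keyword.
SQL_KEYWORDS = ("SELECT", "INSERT", "UPDATE", "DELETE", "DROP", "UNION")


def looks_like_sql(value: str) -> bool:
    """Return True if the input contains one of the blacklisted keywords."""
    upper = value.upper()
    return any(kw in upper for kw in SQL_KEYWORDS)


def make_db() -> sqlite3.Connection:
    """Build a constructed in-memory users table standing in for a real store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("O'Brien", "obrien@example.com")],
    )
    return conn


def find_email_concat(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable pattern: user text is spliced into the statement string."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_email_param(conn: sqlite3.Connection, name: str) -> list:
    """Mitigation: the statement is fixed; user text travels separately as data."""
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo() -> dict:
    """Run both lookups against constructed inputs and collect the outcomes."""
    conn = make_db()
    results = {}
    # 1. The keyword filter rejects harmless text ...
    results["filter_false_positive"] = looks_like_sql("Select your seat")
    # ... and accepts text containing no keyword at all.
    results["filter_misses_quote"] = looks_like_sql("x' OR '1'='1")
    # 2. A perfectly legitimate name breaks the concatenated query, because
    #    the apostrophe terminates the string literal in the statement.
    try:
        results["concat_obrien"] = find_email_concat(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        results["concat_obrien"] = "error: " + str(exc)
    results["param_obrien"] = find_email_param(conn, "O'Brien")
    # 3. Input that passes the keyword filter changes the meaning of the
    #    concatenated query (the WHERE clause becomes always true), while the
    #    parameterized query simply finds no user with that literal name.
    results["concat_quoted"] = find_email_concat(conn, "x' OR '1'='1")
    results["param_quoted"] = find_email_param(conn, "x' OR '1'='1")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The takeaway for the question asked above: the check that matters is not inspecting the text for SQL keywords but keeping user text out of the statement's parse tree entirely, which is what parameterized queries (SqlCommand parameters in .NET, `?` placeholders here) do.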