I have an application which is prone to SQL injection. While forming the queries, it's taking inputs directly from the controls or query string, etc.
Now I have to remove the risk of SQL injection from the whole application. I know there are two ways to do that:
1. make the query parameterized
2. or make the stored procedures
But the problem is that there are around 12000 instances where I have to make the changes if I follow either of the above two methods.
My question here is:
Is there any other way to do this when the instance count is too big?