In this paper the author will explain, in detail, the common SQL injection technique, as it applies to the popular Microsoft Internet Information Server/Active Server Pages/SQL Server platform. The paper will also cover the various ways in which SQL can be injected into the application and addresses some of the data validation and database lockdown issues that are related to this class of attack.