Hi, and thanks for the reply .

I understand SQLi and have added precautions to my .Net code just as you did above, I really wondered whether anyone went to the additional step of additing checks into the stored procedure code as well. I was just thinking that, from a server level, there might be another developer with access privelages to run that procedure and whether anyone added validation within SProcs to verify non - insecure argument code was passed. Or as an alternative, whether SQL Server does a check itself.

Thanks again