ScottGu posts an amazing article on how to guard against SQL Injection attacks in "Tip/Trick: Guard Against SQL Injection Attacks". He goes into great detail and provides a variety of .NET resources to help you safeguard your applications. Very nice work.
SQL Injection is real, frightening and a real risk to any website owner. I've been talking about this for some time as well; I posted "SQL Injection" back in 2004 (when I had free time to attend webcasts).
The list of .NET resources in Scott's article is well worth a look for application architects and developers.