I have a web application that will allow users to submit comments. The
database activity consists of a single insert statement into a comments
table. I want to lock down this operation against sql injection attacks.
Can someone point me to a discussion of general principles? I've seen
reference to V3 extended-query protocol. Where is this invoked? Other
suggestions?