One of the most effective methods of preventing SQL injection from being used is to thoroughly validate every input from the user, by identifying all possible meta-characters which could be utilized by the database system and filtering them out. Filters should be in place to remove everything but known good data. An account lockout policy should also be in place to prevent the brute force guessing of passwords.