Preventing SQL injection attacks. Need your advice.