Question:
LLBLGen Pro generates SQL on the fly and doesn't use stored procedures for its database operations. Aren't these queries vulnerable to SQL injection attacks?
**Solution:**
All SQL generated by LLBLGen Pro is parameterized. This means that no values are embedded in the SQL query being generated. Because every value is passed as a parameter, it never becomes part of the query text itself and so can never influence the query being executed. The generated code is therefore not vulnerable to SQL injection attacks.
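The difference between an embedded value and a parameter can be seen in the following added example. It is not LLBLGen Pro's generated code: it uses Python's `sqlite3` module, and the `customer` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    conn.executemany(
        "INSERT INTO customer (name, city) VALUES (?, ?)",
        [("Alice", "Amsterdam"), ("Bob", "Berlin"),
         ("Carol", "Cairo"), ("Dan", "Coeur d'Alene")],
    )
    return conn

def find_embedded(conn, city):
    # The value is pasted into the SQL text, so it becomes part of the query
    # and can change the query's structure. Shown only for contrast.
    sql = "SELECT name FROM customer WHERE city = '" + city + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def find_parameterized(conn, city):
    # The SQL text is fixed; the value is bound separately as a parameter
    # and is only ever compared as data.
    sql = "SELECT name FROM customer WHERE city = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (city,))]

if __name__ == "__main__":
    conn = make_db()
    # An ordinary value, a value containing SQL syntax, and a legitimate
    # value that happens to contain a quote character.
    for value in ("Berlin", "x' OR '1'='1", "Coeur d'Alene"):
        try:
            embedded = find_embedded(conn, value)
        except sqlite3.OperationalError as exc:
            embedded = "query broke: %s" % exc
        print("%-16r embedded=%s parameterized=%s"
              % (value, embedded, find_parameterized(conn, value)))
    conn.close()
```

With the embedded form, the second value rewrites the `WHERE` clause and every row comes back, and the third value breaks the statement. With the parameterized form, the same values are treated as plain city names.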