I have a boolean variable value stored in an SQL Server database. This is presented to end users as a checkbox on an ASP.NET webpage. Toggling the checkbox naturally updates the value in the database.
I was about to remove the SQL query that is written in plain text in the C# code behind and replace it with a stored procedure in order to improve security by protecting against SQL injection attacks. My understanding of injection attacks is limited, but surely one could not trigger an attack from an unsecured checkbox input? Or could one?