You are creating an ASP.NET application by using the .NET Framework 3.5.

You deploy the application to a remote server. The application contains form submissions, QueryString parameters, cookies, and ViewState properties. The application connects to a database.

You need to ensure that SQL injection attacks are minimized.

Which three actions should you perform? (Each correct answer presents part of the solution.
Choose three.)

A.
Constrain and sanitize user input.

B.
Use parameterized SQL statements.

C.
Use a least-privileged database account.

D.
Display error information so that errors can be resolved.

E.
Convert all stored procedures to dynamic SQL and use the sp_executesql system stored procedure.