What are the steps to follow to avoid SQL Injection attacks?

Always use parameterized queries or stored procedures instead of creating SQL commands by concatenating strings together.