Allow all special characters and prevent SQL injection / XSS

I am using ASP.NET MVC 3 with EF 4.1 with SQL Azure. I have both LINQ expressions as well as stored procedures.

Now, I need to allow all the special characters like "';&<>/ etc. to be entered and saved in the database. But, when it is rendered, it should not render as HTML (i.e., it should be rendered as text). How can I prevent SQL injection and XSS attacks?

My concern is when we display in @Html.TextBoxFor or @Html.EditorFor or in a label?
I don’t want to compromise on the type of characters entered. Please suggest how to approach this.
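
One way to meet both requirements, as an added example that is not part of the original post: keep the input unmodified, pass it to SQL as a parameter, and HTML-encode it only at output time. The table and column names (`Comments`, `Body`) and the sample input are assumptions; no database connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // built into .NET Framework; a NuGet package on newer .NET
using System.Net;

static class StoreRawEncodeOnOutput
{
    // Constructed sample input using the characters from the question.
    const string Raw = "\"';&<>/ <b>bold</b>";

    // For contrast only: concatenation lets the quote in the input end the
    // SQL string literal, so the input becomes part of the statement.
    static string UnsafeInsertText(string body)
    {
        return "INSERT INTO Comments (Body) VALUES ('" + body + "')";
    }

    // Parameterized: the SQL text is fixed and the value travels separately
    // as typed data, so no character needs to be rejected or escaped.
    // Table and column names are hypothetical.
    static SqlCommand SafeInsert(string body)
    {
        var cmd = new SqlCommand("INSERT INTO Comments (Body) VALUES (@body)");
        cmd.Parameters.Add("@body", SqlDbType.NVarChar, 4000).Value = body;
        return cmd;
    }

    // HTML-encode when writing into a page, not when saving. Razor's
    // @Model.Body does this encoding by default; Html.Raw turns it off.
    static string ForHtml(string body)
    {
        return WebUtility.HtmlEncode(body);
    }

    static void Main()
    {
        Console.WriteLine(UnsafeInsertText(Raw));
        SqlCommand cmd = SafeInsert(Raw);
        Console.WriteLine(cmd.CommandText);
        Console.WriteLine(cmd.Parameters["@body"].Value);
        Console.WriteLine(ForHtml(Raw));
    }
}
```

The same separation applies to stored procedures: call them with parameters and avoid building dynamic SQL from those parameters inside the procedure.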

