I'd be interested in seeing this article. Since I haven't read it, I can't be too sure, but as far as I know, the biggest defense against SQL Injection is the use of named parameters:
queryString = "SELECT password FROM Users WHERE username=@username";
command = new SqlCommand(queryString, connection);
// The parameter name must match the @username placeholder in the query text.
command.Parameters.AddWithValue("@username", usernameTB.Text);
password = Convert.ToString(command.ExecuteScalar());

I don't believe this has changed in version 3.5. Were there any other defenses discussed? Could you post a link to the article?
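Added example, not part of the original post: the same Users lookup built by string concatenation and with a named parameter, so the difference in how input is handled can be run and compared. It assumes Python's built-in sqlite3 with an in-memory database in place of ADO.NET's SqlCommand (so the placeholder is written :username rather than @username); the function names, the sample row and the sample input are constructed for illustration.

```python
import sqlite3

# Constructed sample input: a quote character ends the string literal early
# when the value is pasted into the SQL text.
CRAFTED = "' OR '1'='1"

def make_db():
    """In-memory Users table holding one constructed sample row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO Users VALUES ('alice', 'stored-hash-placeholder')")
    return db

def lookup_concatenated(db, username):
    """Vulnerable form: the input becomes part of the SQL text itself."""
    query = "SELECT password FROM Users WHERE username='" + username + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, username):
    """Hardened form: the SQL text is fixed and the input is bound as a value."""
    query = "SELECT password FROM Users WHERE username=:username"
    return db.execute(query, {"username": username}).fetchall()

def lookup_wrong_name(db, username):
    """Binding under a name the query does not use fails instead of running."""
    query = "SELECT password FROM Users WHERE username=:username"
    try:
        return db.execute(query, {"id": username}).fetchall()
    except sqlite3.ProgrammingError as exc:
        return "error: " + str(exc)

if __name__ == "__main__":
    db = make_db()
    print("parameterized, real user :", lookup_parameterized(db, "alice"))
    print("concatenated, crafted    :", lookup_concatenated(db, CRAFTED))
    print("parameterized, crafted   :", lookup_parameterized(db, CRAFTED))
    print("mismatched parameter name:", lookup_wrong_name(db, "alice"))
```

With concatenation the crafted value changes the WHERE clause and the stored row comes back; with the bound parameter the same value is compared as a literal username and matches nothing.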