You work as an application developer at Contoso.com. You use Microsoft .NET Framework 3.5 and Microsoft ADO.NET to develop an application. The application of Contoso.com has a  TextBox control named ProdID which will return a list of active products that have the ProductID field equal to the ProdID.Text property. Your application contains the following code. （Line numbers are for reference only.）   01 private DataSet GetProducts（SqlConnection cn） {  02     SqlCommand cmd = new SqlCommand（）；  03     cmd.Connection = cn；  04     SqlDataAdapter da = new SqlDataAdapter（cmd）；  05     DataSet ds = new DataSet（）；  06  07     da.Fill（ds）；  08     return ds；  09 }   You need to populate the DataSet object with product records and at the same time to avoiding possible SQL injection attacks.   What should you do？（）

• A、A
• B、B
• C、C
• D、D