SQL Injection Attacks Increasing
An anonymous reader writes "Help Net Security has a story that covers the dramatic increase in the number of hacker attacks attempted against its banking, credit union and utility clients in the past three months using SQL Injection." Article follows up on press release with a little more information. Not a lot here shockingly surprising, but it's worth mentioning that SQL injection is a real pain for web developers. You have to be very careful about checking user input.
You have to be very careful about checking user input.
No, you don't, unless you are either using an utterly shitty language like PHP that doesn't have built-in protection from SQL injection, or you are going out of your way to make your program insecure by using string interpolation in your queries.
You're missing the point. If your database interface doesn't suck completely, like PHP's default one, you don't need to manually screen for bad data in the first place.