[PLUG] SQL insertion attacks

Dylan Reinhardt plug at dylanreinhardt.com
Wed Oct 30 18:21:28 UTC 2002


SQL insertion isn't a platform issue so much as a SQL/middleware
issue. Sanitizing all user input before passing it to a database engine
is a crucial (but often overlooked) practice.

SQL is a pretty powerful language, and if you're able to pass arbitrary
strings to the DB engine, virtually anything is possible, particularly if
you have some knowledge of the implementation details.

An excellent study in some of the relevant issues can be found here:

http://www.sensepost.com/misc/SQLinsertion.htm
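
The point about user input reaching the database engine as SQL text, as an added
example that is not part of the post or the SensePost write-up. It assumes a
constructed in-memory SQLite table and shows the same lookup written two ways:
spliced into the statement string (where a plain apostrophe in a name already
lands in the SQL parser) and as a bound parameter, plus an allowlist check as
a second layer.

```python
import re
import sqlite3


def build_db():
    """Constructed sample data: a tiny users table in an in-memory SQLite DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_concat(conn, name):
    """Vulnerable form: the input is pasted into the statement text, so any
    quote or SQL syntax in it is parsed as part of the query, not as data."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.OperationalError as exc:
        # A name such as o'brien is enough to break the statement: proof that
        # the input reached the SQL parser as syntax.
        return "SQL error: " + str(exc)


def lookup_param(conn, name):
    """Safe form: the value is bound separately from the statement text, so the
    engine only ever compares it as a string, whatever characters it holds."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def is_safe_username(name):
    """Allowlist validation (hypothetical policy for this example): accept only
    a short run of letters, digits, dot, underscore or dash. Used in addition
    to, never instead of, parameter binding."""
    return re.fullmatch(r"[A-Za-z0-9._-]{1,32}", name) is not None


if __name__ == "__main__":
    db = build_db()
    for candidate in ("alice", "o'brien"):
        print(candidate, lookup_concat(db, candidate), lookup_param(db, candidate),
              is_safe_username(candidate))
```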
More information about the PLUG mailing list