David, I would agree with you that SQL injection attacks should be old news. The problem is they aren't. For instance, the discovery of serious SQL injection vulnerabilities for Ruby on Rails was reported last month (Jan 2013). Therefore, it behooves us to continue to remind folks of what can be done and why they should care.