• Oddly enough, there's a lot out there on the web about preventing SQL injection attacks, but to be honest, I see a lot of pages either giving very generic guidelines or trying to sell something, and sites that give really good examples and procedures seem to be more exception than rule.

    Not saying you *can't* find good documentation on the subject and yes, there are a lot of parts and pieces to the issue, but I would like to see more practical tutorials rather than simply stating "use stored procedures" or "validate user input" without explaining how to achieve these things.

    Being someone who has learned SQL the hard way, by researching and doing, I can tell you web resources are invaluable to someone like me. I've found some good, practical web pages on the subject, but in my experience it takes a bit of digging. Your mileage may vary.

    Maybe a good subject for one of the gurus here on SSC to do a "Stairway" series?

    ____________
    Just my $0.02 from over here in the cheap seats of the peanut gallery - please adjust for inflation and/or your local currency.