There are OTC solutions that will read your code and scripts and warn you of potential security problems. All of the SQL Injections are identified and you can change as needed. Problem is that these solutions are very costly and take a specialized skill set. And they can add weeks to the release cycle depending on what is found in the QA/QC and Security check. Many companies will not hold a production release of software for a Security evaluation. The idea is to get to market as quickly as possible and to make money!!! And this will continue for as long as Marketing is allowed to control the release dates and versions.