• I like Charles's list as well and am kind of an extremist too. The solution to solving SQL Injection attacks is simply for every RDBMS system to flat out not allow inline SQL. Everything must be done with stored procedures and parameters.

    I first heard about SQL Injection back in like 1997 or 1998. It amazes me how big of a topic it still is today and how many problems it still causes. Ridiculous!