I came across this recent article on SQL Injection. Thought it's worth sharing. Not very technical, but it describes a real attack example which will give you a good idea about how it's done. Also, towards the end it lists some methods we can adopt while developing web based softwares to counter SQL injection attacks.

http://www.unixwiz.net/techtips/sql-injection.html

-Anoop

Wow, that is very interesting I never heard of SQL injection before. Good thing you posted the link, I'll need to check my MySql queries for the 'bugs' mentioned there :)

Its genius is its simplicity.

That was a great article. Thanks Anoop! I'm far from being well-versed in SQL, but everything made perfect sense.

Nice find ;)