Michael Sutton recently blogged on creating a SQL Injection Attack crawler app that used Google to locate sites thar were susceptible to SQL Injection attacks. Scott Guthrie mentions the post in his blog.  Take a look at Michael's and Scott's posts. Very scary stuff. I guess I thought everyone knew this stuff already but then again it ...

We all should be familiar with the fact that concatenating user input directly into SQL statements is an open invitation to an SQL Injection attack.  Code such asMySql = ''Select * from Orders where Customer ID=''' & txtCustomerId & '''''should be avoided.  If you need some more background information on SQL Injection attacks, I am building a ...