I've just published Back to basics: SQL Injection over on What the # do I know?.

It's not that I think the already existing articles and posts about SQL injection aren't good enough, but because I've seen way too many questions on stackoverflow lately with vulnerable code - and I find it amazing (in a bad way) that this is still a problem today.

I mean, there is an easy-to-use 100% bullet proof solution to this problem for more than two decades now - so why hasn't this threat been eradicated yet?

In this post I summarize the following topics:

• What is SQL Injection?
• How does this work?
• How can you write safe SQL?
• How do parameters prevents SQL Injection?