An interesting article on SQL Injection attacks (where a database query can be modified to perform unintended actions):

http://online.securityfocus.com/infocus/1644

The article has a strong Oracle focus but the issues apply to many databases (even more so to those that allow multiple statements in a single database request).

Tim.

P.S. Where it says "It is also not possible to SQL inject a call that uses bind variables" it means "uses _only_ bind variables".
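The "_only_ bind variables" caveat above, as an added example that is not part of the original post or the linked article: a query that binds one value but concatenates another is still injectable through the concatenated part, while the fully bound version treats the same input as a plain string. The table, rows and function names are constructed for this demonstration; it uses Python's sqlite3 module, where `?` is the bind-variable placeholder.

```python
import sqlite3

# Constructed sample data (not from the original post).
ROWS = [
    ("alice", "eng", "note-a"),
    ("bob", "eng", "note-b"),
    ("carol", "ops", "note-c"),
]

# Column names cannot be bound, so identifiers are checked against a fixed list.
ALLOWED_ORDER = {"name", "dept"}


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, dept TEXT, note TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return conn


def lookup_mixed(conn, dept: str, name: str):
    # `name` is a bind variable, but `dept` is spliced into the SQL text.
    # This call "uses bind variables" yet is still injectable via `dept`.
    sql = f"SELECT name, note FROM users WHERE dept = '{dept}' AND name = ?"
    return conn.execute(sql, (name,)).fetchall()


def lookup_bound(conn, dept: str, name: str):
    # Both values are bind variables: the SQL text is fixed, so user input can
    # only ever be compared as data, never parsed as part of the statement.
    sql = "SELECT name, note FROM users WHERE dept = ? AND name = ?"
    return conn.execute(sql, (dept, name)).fetchall()


def lookup_sorted(conn, dept: str, order_by: str):
    # An ORDER BY column is an identifier and cannot be a bind variable, which
    # is the usual reason code ends up concatenating; an allowlist closes that gap.
    if order_by not in ALLOWED_ORDER:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    sql = f"SELECT name, note FROM users WHERE dept = ? ORDER BY {order_by}"
    return conn.execute(sql, (dept,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    hostile = "eng' OR '1'='1"   # closes the literal and adds a true condition
    print("mixed :", lookup_mixed(db, hostile, "carol"))   # leaks every row
    print("bound :", lookup_bound(db, hostile, "carol"))   # matches nothing
```

For a legitimate department and name both functions return the same single row; only the concatenated variant changes behaviour when the input contains a quote.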