Any URL that sends data to the server as part of an HTTP request, especially if handling the request involves a database interaction, should be cleansed to protect against SQL injection attacks.

SQL injection and its ilk will stop being "a thing" only after organizations focus on security by construction.

Researchers say a bug let them add fake pilots to rosters used for TSA checks TSA security could be easily bypassed by using a simple SQL injection technique, say security researchers.