SQL injection: still one of the more common exploits against web applications, and yet it is one of the easier ones to guard against. Unfortunately, bad tutorials often teach newbie developers bad habits that enable injection attacks, rather than using more secure methods of interacting with databases.
Yes, PHP often gets a lot of flak for this, as its status as an introductory languages makes for a greater number of subpar coders and introductory tutorials, but SQL injection is by no means a “PHP thing.” Actually, there are probably more resources warning about SQL injection for PHP than other languages…
Wouldn’t it be useful if there was one resource you could point people to in order to explain SQL injection and show some examples of best practices in their language of choice?
Bobby-Tables.com has examples of safe methods to handle database interaction in several languages, including PHP, Python, C#, Ruby and Java. Plus, it gets bonus points for referencing the relevant XKCD comic. (There really is one for every occasion, isn’t there?)
