Lots of people pointed out this cartoon recently.
It's an example of an SQL Injection exploit, of course, and all the people who referenced it knew that right away. But how many regular (i.e. non-geek, non-computing) people understand it? Probably not many. The bigger problem, though, is that many people who do understand it are still ignoring the problems it can cause. Far too many people are still not validating their input, and one day that will come back to bite them, as it already has many others before them.
I found a good article on SQL Injection attacks at Stop SQL Injection Attacks Before They Stop You. I think it, or something like it, should probably be required reading for students who are building interactive web pages. Of course, students writing any programs at all should be exposed to the very real necessity of double checking the data, not just because of real attacks but because of user error as well.
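To make the cartoon's point concrete for students, here is an added example (not from the post or the article it links to) that puts the two approaches side by side: a query built by pasting the user's input into the SQL text, and the same insert done with a parameterized query, plus a small input check. It uses Python's built-in sqlite3 with an in-memory database and a constructed `Students` table; the name string is the one from the cartoon. The `executescript` call in the vulnerable path is an assumption made so that the second statement actually runs, which is what a real driver or database console would do.

```python
import sqlite3

# Constructed sample input: the "name" from the cartoon the post refers to.
BOBBY = "Robert'); DROP TABLE Students;--"


def make_db():
    """Fresh in-memory database with a Students table and one row (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.execute("INSERT INTO Students (name) VALUES ('Alice')")
    conn.commit()
    return conn


def insert_student_vulnerable(conn, name):
    """The pattern the cartoon exploits: the input is pasted into the SQL text.

    executescript() is used here (an assumption for the demo) because it lets a
    second statement in the input run, as a real database console would; a single
    execute() in sqlite3 would refuse it, but the concatenation is wrong either way.
    """
    conn.executescript("INSERT INTO Students (name) VALUES ('" + name + "');")


def insert_student_safe(conn, name):
    """Parameterized query: the value is passed separately from the SQL text,
    so whatever the user typed is stored as data and never parsed as SQL."""
    conn.execute("INSERT INTO Students (name) VALUES (?)", (name,))
    conn.commit()


def validate_name(name, max_len=100):
    """Input validation as a second layer: rejects obviously malformed input.

    It is not a substitute for parameters: a perfectly valid name like O'Brien
    contains a quote and must still be stored correctly, which only the
    parameterized insert guarantees.
    """
    if not name or len(name) > max_len:
        return False
    return all(ch.isalpha() or ch in " '-." for ch in name)


def table_exists(conn, table):
    row = conn.execute(
        "SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name=?", (table,)
    ).fetchone()
    return row[0] == 1


def student_names(conn):
    return [r[0] for r in conn.execute("SELECT name FROM Students ORDER BY id")]


def demo():
    """Run both paths on separate databases and report what happened to each."""
    vuln = make_db()
    insert_student_vulnerable(vuln, BOBBY)   # runs INSERT, then DROP TABLE

    safe = make_db()
    insert_student_safe(safe, BOBBY)         # stores the whole string as a name

    return {
        "vulnerable_table_survives": table_exists(vuln, "Students"),
        "safe_table_survives": table_exists(safe, "Students"),
        "safe_rows": student_names(safe),
        "bobby_passes_validation": validate_name(BOBBY),
        "obrien_passes_validation": validate_name("O'Brien"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Running `demo()` shows the table gone on the concatenated path and intact on the parameterized path, with the cartoon's string sitting harmlessly in the `name` column. The validation function catches that input too, but notice that it has to let a quote through for names like O'Brien; that is why the reader comment below is right that parameters, not validation alone, are the real defence.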
I would say that parameterized queries are even more important than validation. That string in the comic strip should store in the field no problem.