Ted Neward's post about SQL injection attacks is very eye-opening...