SQL Injection attacks have become increasingly common over the past few months, and website owners should both be aware of them and take precautions against them. Put simply, SQL Injection is when a hacker takes advantage of code that neglects to validate input data before interacting with a database. If the code doesn't validate the data, a hacker can enter SQL statements as the input and have them run against the database, with bad results ranging from data theft, to data corruption and loss, to server compromise.
Here are some links with further information about SQL Injection and some steps to protect code from being open to this attack:
http://msdn.microsoft.com/en-us/library/ms161953.aspx
http://msdn.microsoft.com/en-us/library/bb671351.aspx
http://msdn.microsoft.com/en-us/library/ms998271.aspx
http://www.misfitgeek.com/Tools+To+Block+And+Eradicate+SQL+Injection.aspx
~Brad