
The Voice of the DBA: More SQL Injection


Nov 16, 2011 More SQL Injection

One milly-yon sites hit by a SQL Injection attack. That happened, according to a headline I saw recently, with an attack similar to Lizamoon affecting seven figures' worth of ASP.NET sites. How can this still be happening on large scales? I'd like to think that this was mostly at small sites that people had set up for themselves, but I'm sure some decent-sized companies were involved in this.

This isn't good for your brand as a developer. If you don't know what SQL Injection is, you shouldn't be developing software. If you don't know how to code to avoid it, you shouldn't be hired by anyone to build software. If you can't write a stored procedure around a query or build a parameterized call to a database engine, you need to learn how or find another career.

 

Read the rest of "More SQL Injection" at SQLServerCentral.