Lol wow, funny story! I also can't believe that people still don't properly filter user input. Any decent book about web development warns you about the dangers of SQL injections. It requires little effort to fix SQL injections bugs.

Looks like most SQL injection exploits rely on information leakage. Well, SQL injection would still be possible of course, but less obvious. Also, lots of developers aren't aware of the fact, that it possibly leads to server compromise.

ZF

Oh, this would be worth mentioning, Little Bobby Tables.

http://xkcd.com/327/

That may be, but in my opinion everyone that codes a database application should be aware of how the database works. You don't have to be a database guru to understand the dangers.

The database guys should at least set the right permissions, so that the average user can only retrieve data with SELECT statements and such. Preferably using stored procedures.

Even if you don't deal with the database, filtering all input is good practice. No one likes the possibility of other attacks, like XSS for example.

Some of my thoughts on this are the same as Ketchup's. There are still quite a few programmers around from an older generation where security was not what it is now. People nowadays get already taught at the very beginning of possible threats and how to avoid them, securing things, validating inputs etc. Also not all companies, especially the smaller ones, have the money to keep their employees updated through courses and classes.

Well part of this is also that when teaching people to program in schools, schools haven't historically focused on things like input validation etc.  Whether it is XSS, SQL Injection, or a number of other attacks, input validation is always secondary to functionality.  It's more important than just preventing SQL Injection and XSS, as those are talked about quite a bit, but poor input validation also leads to poor data integrity.  In most cases, there should be two levels of integrity checking, one enforced at the database layer and one enforced through the application layer and allowing for user feedback and correction. 

I wish they taught more of this in school, as I think most people who learn this stuff now on the job or the hard way.