if any of you have a database driven site using asp, php or cfm or anything else...you should ...maybe even must... have a look at this white paper i found...

http://www.nextgenss.com/papers/adva..._injection.pdf

it is a very good read on advanced sql injection which is a huge security issue for many sites and needs to be attended to...or you will lose control of your your tables...or lose all you data....

as you will see...it's as easy as this entry in any form field....

jo'; drop table authors--

and say goodbye to you authors table....