Just wondering if anyone can help me out with sql injection. I have gathered many tutorials and find many of them confusing and dont clarify which type of sql database its for. Speaking of which, is there really any difference in the syntax and commmands between oracle, mssql, etc? Anyway, if anyone could provide some good tutorials or even the names of books i should buy which go into the actual reasoning behind the injection (not just a list of old exploits) this would be really helpful.
PS - dont just say google, because thats what ive been doing for the past month!