Rhys Wilkins recently made me aware of an article which advises several good practices for making sure your code isn't susceptible to SQL injection attacks. The first prosecution (that I've heard of) was way back in 1996!

The article is located here. It's amazing just how many public websites include applications that can be compromised in this manner, mainly because they fail to validate user input. The mantra "treat all input as evil until proven otherwise" needs to be adopted.