> The problem with most presentations of injection attacks is that it only inspires people to start thinking of broken workarounds - all the things mentioned in the article. And they really believe they can do it.
They will be doomed to repeat the mistakes of prior developers, who "fixed" SQL injections at their companies with kludges like rejecting input with suspicious words like "UPDATE"...
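The keyword-rejection kludge described above, next to a parameterized query, as an added example that is not part of the original comment. The `notes` table, the blocklist and the sample strings are constructed for illustration and use Python's built-in `sqlite3`.

```python
import re
import sqlite3

# Hypothetical blocklist of "suspicious words", as in the kludge described above.
SUSPICIOUS = re.compile(r"\b(update|delete|drop|insert|select)\b", re.IGNORECASE)

# Constructed, entirely legitimate inputs.
SAMPLES = [
    "Please update my shipping address",  # ordinary English, contains a keyword
    "Call Mr. O'Brien back",              # ordinary name, contains a quote
    "Lunch at noon",
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    return db

def save_note_kludge(db, body):
    """Reject 'suspicious' words, then still build the SQL by concatenation."""
    if SUSPICIOUS.search(body):
        return "rejected"  # false positive on normal text
    try:
        db.execute("INSERT INTO notes (body) VALUES ('" + body + "')")
    except sqlite3.Error:
        return "sql-error"  # input passed the filter but still altered the statement
    return "stored"

def save_note_parameterized(db, body):
    """The value is bound as data; it never becomes part of the SQL text."""
    db.execute("INSERT INTO notes (body) VALUES (?)", (body,))
    return "stored"

def stored_bodies(db):
    return [row[0] for row in db.execute("SELECT body FROM notes ORDER BY id")]

def compare():
    kludge_db, param_db = make_db(), make_db()
    outcomes = [(s, save_note_kludge(kludge_db, s), save_note_parameterized(param_db, s))
                for s in SAMPLES]
    return outcomes, stored_bodies(kludge_db), stored_bodies(param_db)

if __name__ == "__main__":
    outcomes, kludge_rows, param_rows = compare()
    for body, kludge, param in outcomes:
        print(f"{body!r:40} kludge={kludge:10} parameterized={param}")
    print("kludge table:       ", kludge_rows)
    print("parameterized table:", param_rows)
```

The filter turns away harmless text while the concatenated statement is still shaped by its input; the bound parameter stores all three strings unchanged.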