So much has been written about SQL Injection, yet such attacks continue to succeed, even against security consultants’ websites. The problem is often that only part of the solution is described, whereas the best practice requires the use of defense in depth.