Archive for June, 2006

SQL Injection Attacks by Example

Steve Friedl has written an excellent article called SQL Injection Attacks by Example. It shows not only the various attacks, but also does an excellent job of explaining each attack from the viewpoint of the browser. He also explains how to defend against each attack.

Cool Java Class—MessageDigest

I found a cool little class in the Java library called "MessageDigest.":http://java.sun.com/j2se/1.4.2/docs/api/java/security/MessageDigest.html

bq. Message digests are secure one-way hash functions that take arbitrary-sized data and output a fixed-length hash value.

This is cool for dealing with things like passwords. Instead of storing the password itself, the application hashes it before it is placed in the database. Then, when someone logs into your application, you hash the password they typed and compare the result with what is in the DB. The same trick works for other pieces of personal information that only ever need to be checked for equality and never read back. The point of all this is that if someone hacks into your application, or steals the database, the information is not stored in a readable format: a message digest is one-way (there is no key and no "decrypt" step), which is what makes it different from encryption. One caveat: a bare digest of a short password can be cracked with precomputed tables or brute force, so mix a random per-user salt into each password before hashing and store the salt next to the digest.
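Here is the hash-before-storing idea written out with MessageDigest. This is an added example, not code from the post or from Sun's documentation; the class name PasswordHasher, the "hexSalt:hexDigest" storage format, the 16-byte salt and the choice of SHA-256 (present in the SUN provider from 1.4.2 on) are my assumptions, not anything the post specifies.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

// Added example: salted one-way password storage with java.security.MessageDigest.
// Nothing here is the post's own code; names and the storage format are assumptions.
public final class PasswordHasher {
    private static final String ALGORITHM = "SHA-256"; // assumed to be available in the JRE's provider
    private static final int SALT_BYTES = 16;
    private static final SecureRandom RNG = new SecureRandom();

    private PasswordHasher() {}

    /** Produces the value to put in the DB: "hexSalt:hexDigest". A fresh random salt
     *  means two users with the same password get different stored values. */
    public static String hashForStorage(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        byte[] digest = digest(salt, password);
        return toHex(salt) + ":" + toHex(digest);
    }

    /** Login check: re-hash the supplied password with the stored salt and compare
     *  digests. MessageDigest.isEqual is used so the comparison does not leak
     *  how many leading bytes matched. Malformed stored values simply fail. */
    public static boolean verify(String password, String stored) throws NoSuchAlgorithmException {
        int sep = stored.indexOf(':');
        if (sep < 0) return false;
        byte[] salt;
        byte[] expected;
        try {
            salt = fromHex(stored.substring(0, sep));
            expected = fromHex(stored.substring(sep + 1));
        } catch (IllegalArgumentException e) {
            return false; // corrupt or hand-edited DB value
        }
        byte[] actual = digest(salt, password);
        return MessageDigest.isEqual(expected, actual);
    }

    // digest = H(salt || password); the salt goes in first so it cannot be
    // stripped off by a length-extension style trick on the password bytes.
    private static byte[] digest(byte[] salt, String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(ALGORITHM);
        md.update(salt);
        md.update(password.getBytes(StandardCharsets.UTF_8));
        return md.digest(); // resets the MessageDigest for reuse
    }

    private static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    private static byte[] fromHex(String hex) {
        if (hex.length() % 2 != 0) throw new IllegalArgumentException("odd-length hex");
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, not real credentials.
        String stored = hashForStorage("correct horse battery staple");
        System.out.println("stored in DB : " + stored);
        System.out.println("right password verifies: " + verify("correct horse battery staple", stored));
        System.out.println("wrong password verifies: " + verify("Correct horse battery staple", stored));
        System.out.println("garbage DB value verifies: " + verify("anything", "not-a-valid-record"));
    }
}
```

Run it twice and the stored value changes each time (different salt) while both still verify the right password. A plain SHA-256 is fast by design, so for real password storage a deliberately slow, iterated construction such as PBKDF2 or bcrypt is the better choice; the salt-and-compare structure above stays the same.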

WordPress updated to 2.0.3

For those who do not know, "WordPress has been updated to 2.0.3":http://wordpress.org/development/2006/06/wordpress-203/. All those running WordPress blogs should upgrade because this update includes security updates (how many times can I use the word "update" in a sentence :-P )
