I can't really figure out a situation in which a person actually needs to know how a SQL injection works but can't/doesn't want to understand basic SQL syntax.
But this article does the job nicely, very simple and I'm pretty sure anyone could understand that.
It's Good Stuff for any of the millions of entirely non-technical site admins who managed to follow the instructions but otherwise keep their hands off the stack. Or if you have clients (esp. sole proprietors) who have the final word despite understanding nothing about web security...
> I can't really figure out a situation in which a person actually needs to know how a SQL injection works but can't/doesn't want to understand basic SQL syntax.
When you need to explain to PHB why it takes so long to do task X when really, it's just foo bar baz!
It is great when you first start teaching someone about SQL. The fact that SQL injection even exists shows that data validation and separation of 'code' and 'data' must be one of the first things learned about SQL.