If you're a subscriber (or reader) of the German publication "PHP Magazin", be sure you read up on some comments that Christpher Kunz has about some issues around a SQL injection article in the current issue (October/November).
It is not usually my custom to comment negatively or nitpick on other people's articles in magazines, especially not in magazines I have written for. This time however, I really must raise my voice to point out a couple of (well, actually a lot of) issues in an article about SQL injection in the current (October/November) issue of the german "PHP Magazin".
He points out a few problems (like the fact that there's no multi-selects in PHP's mysql support) and things that it would require special permissions (like root) to run on a system.