http://www.betshop.com/buckwoody/archive/2008/05/30/sql-injection-attacks.aspx