Users are evil. As a Visual Basic developer writing a complex database application that uses MySQL, you may already feel this way as you receive feature request after feature request, all of which absolutely have to be included, without any extension in the project deadline (of course!). But when I say that users are evil, I am speaking from a security standpoint. You have a database full of valuable information, information you (or your non-evil users) do not want to wind up in the wrong hands. And even if your database is full of public information, you still dont need someone crashing the server or otherwise gumming up the works. And yet that someone is out there, waiting for his/her chance to exploit your code and ruin your day.
The article continues at