SQL Stuff

Joe Celko

Colm O'Connor -- Preventing SQL Injection Attacks
Coding Horror -- Give me parameterized SQL, or give me death
SQL Injection Attacks by Example

Frans Bouma's blog -- Stored procedures are bad, m'kay?