I've been reading about SQL injection attacks and how to avoid them, although I can never seem to make the "awful" examples given work, e.g. see this post
Parameters passed to SQL queries from the web pages often tend to be numeric IDs. For example, let's assume you have a URL http://foo.com/page.php?section=34 from which the section ID is used in a query like this:
SELECT content FROM sections WHERE section_id=$section;
No quotes to escape like in your example, and whatever you put after the number in the URL will be passed to the query... So the risk is real.
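The quoted post's point can be checked end to end without a web server. The following is an added example (not code from the original post or from any project it mentions): it builds a constructed in-memory SQLite table standing in for `sections`, runs the quoted query once with `$section` pasted straight into the SQL text, and once with the value passed as a bound parameter plus a whitelist check that only accepts a plain decimal integer. The table contents, the function names and the tampered sample value are all constructed for the demonstration.

```python
import re
import sqlite3

# Constructed sample data: three rows, one of which the page should never expose.
SAMPLE_ROWS = [
    (34, "public section"),
    (35, "another public section"),
    (99, "hidden section"),
]


def make_db():
    """Create an in-memory stand-in for the `sections` table from the quoted post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sections (section_id INTEGER PRIMARY KEY, content TEXT)")
    conn.executemany("INSERT INTO sections VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_lookup(conn, section):
    """Mirrors `SELECT content FROM sections WHERE section_id=$section;`
    with the raw URL value spliced into the SQL text. No quotes are involved,
    so anything that follows the number becomes part of the WHERE clause."""
    sql = f"SELECT content FROM sections WHERE section_id={section}"
    return [row[0] for row in conn.execute(sql)]


def parameterized_lookup(conn, section):
    """Bound parameter: the driver sends the value separately from the SQL text,
    so it is compared as a value and can never extend the WHERE clause."""
    rows = conn.execute("SELECT content FROM sections WHERE section_id=?", (section,))
    return [row[0] for row in rows]


def is_valid_section(section):
    """Whitelist check: a section ID is a non-empty run of ASCII digits, nothing else."""
    return isinstance(section, str) and re.fullmatch(r"[0-9]+", section) is not None


def validated_lookup(conn, section):
    """Defence in depth: reject anything that is not a plain decimal integer
    before it reaches the database, then still use a bound parameter."""
    if not is_valid_section(section):
        raise ValueError("section must be a decimal integer")
    return parameterized_lookup(conn, int(section))


if __name__ == "__main__":
    db = make_db()
    normal = "34"                 # what the URL normally carries
    tampered = "34 OR 1=1"        # constructed value with a trailing SQL fragment
    print("vulnerable, normal input:  ", vulnerable_lookup(db, normal))
    print("vulnerable, tampered input:", vulnerable_lookup(db, tampered))
    print("parameterized, tampered:   ", parameterized_lookup(db, tampered))
    print("validated, tampered:       ", is_valid_section(tampered))
```

With the normal value every variant returns the single public row. With the tampered value the string-built query returns all three rows, including the hidden one, because the fragment after the number became part of the WHERE clause; the parameterized query returns nothing, since SQLite compares the whole string as one value against an integer column; and the validated path refuses the input before any SQL runs. The whitelist check is the cheap first line, the bound parameter is the one that actually removes the injection, and the two together cover the case where a framework later starts accepting non-string parameter types.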