Aha. I see. Much in the same way that windows 95 *should not* bluescreen, yeah?
What's your point? It's not like any programming language automatically checks your input and makes sure it isn't malicious before sending it on to the database. The BSOD is what you get by allowing #1, trusting the programmer.
Last edited by boredandblogging; 06-17-2006 at 09:30 PM.
That there's a distinction to be made between what should be and what is. TBH, I don't know how bad a problem SQL injection is these days.
Quote:
It's not like any programming language automatically checks your input and makes sure it isn't malicious before sending it on to the database.
Quite correct, because it can't--that would require the ability to read the programmer's/administrator's/... mind to determine what they think is malicious.
In a similar way, it's not like any compiler will (in full generality) test your code for the possibility of going BSOD: accepting that C and Turing machines are equivalent, and that moving to the next sequence point (more or less executing a statement) is equivalent to a transition in a Turing machine, here's a handy proof that ExecutesTransition and Halts are equivalent.
ExecutesTransition quite clearly also contains Halts, since we can just see if any of the halting transitions are executed (there are only a finite number). OTOH, Halts also includes ExecutesTransition, since we can create an altered Turing machine which is the original with the transition in question replaced by a halting transition, and all other halting transitions replaced by an infinite loop.
And we all know Halts to be unsolvable (if it was solvable, $R = RE$, but $SA \in RE \setminus R$).
So I don't see why the two are different.
Quote:
The BSOD is what you get by allowing #1, trusting the programmer.
No, that is flat out wrong, and this is why: when I dual-booted between RH 6.2 and W98, RH 6.2 never crashed. W98 did.
Last edited by jonaskoelker; 06-17-2006 at 10:39 PM.
Quote:
No, that is flat out wrong, and this is why: when I dual-booted between RH 6.2 and W98, RH 6.2 never crashed. W98 did.
This is a joke, right? When I first tried Linux back in college (RH 4.2, which I bought on a CD for like $39), I would get a kernel panic every time it tried to load my new-fangled 3c905 ethernet card. I'm a gung-ho Linux user like everyone else around here, but let's not exaggerate.
Quote:
This is a joke, right? When I first tried Linux back in college (RH 4.2)...
No, it's not a joke, it's my experience. You've had a different experience--great for you (or not so great, actually), but that doesn't change that I experienced what I experienced. Besides, you're talking about 4.2, I'm talking about 6.2, so they're not really comparable either.
Quote:
let's not exaggerate.
Okay, here's a non-exaggeration: over the period in which RH6.2 was installed on my computer, RH6.2 didn't crash. Windows 98 did.
You should have put the SQL in a PostgreSQL function/stored-proc IMHO. Allows the server to cache the query plan and reuse it, dramatically improving performance. Also hides the actual SQL, making injection attacks almost impossible (unless you use dynamic SQL within the function/proc itself).
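As an added illustration of the point above (example code written for this page, not code from the thread or from PostgreSQL's documentation): a PL/pgSQL function whose SQL is fixed at definition time, beside the "dynamic SQL within the function" case done unsafely and then done safely. The `app_user` table, its columns and the function names are assumptions for the example.

```sql
-- Added example, not from the thread. Table/column names are assumptions.
CREATE TABLE app_user (
    id        serial PRIMARY KEY,
    username  text NOT NULL UNIQUE,
    is_admin  boolean NOT NULL DEFAULT false
);

-- 1. Static SQL inside a function: the statement text never contains caller
--    input, so there is no string for an attacker to alter. PL/pgSQL keeps a
--    prepared statement for it across calls within the session.
CREATE OR REPLACE FUNCTION is_admin_user(p_username text)
RETURNS boolean
LANGUAGE plpgsql STABLE AS $$
DECLARE
    v_admin boolean;
BEGIN
    SELECT is_admin INTO v_admin
      FROM app_user
     WHERE username = p_username;   -- p_username is bound, never concatenated
    RETURN COALESCE(v_admin, false);
END;
$$;

-- 2. Dynamic SQL the unsafe way (the caveat in the post above): the caller's
--    values become part of the statement text, so the protection a function
--    normally gives is lost.
CREATE OR REPLACE FUNCTION count_rows_unsafe(p_table text, p_username text)
RETURNS bigint
LANGUAGE plpgsql AS $$
DECLARE
    v_count bigint;
BEGIN
    EXECUTE 'SELECT count(*) FROM ' || p_table
         || ' WHERE username = ''' || p_username || ''''
       INTO v_count;
    RETURN v_count;
END;
$$;

-- 3. Dynamic SQL done safely: the identifier goes through format('%I'), which
--    quotes and escapes it, and the data value is passed with USING so it is
--    bound as a parameter ($1) instead of being spliced into the string.
CREATE OR REPLACE FUNCTION count_rows_safe(p_table text, p_username text)
RETURNS bigint
LANGUAGE plpgsql AS $$
DECLARE
    v_count bigint;
BEGIN
    EXECUTE format('SELECT count(*) FROM %I WHERE username = $1', p_table)
       INTO v_count
      USING p_username;
    RETURN v_count;
END;
$$;

-- Usage (constructed sample rows):
INSERT INTO app_user (username, is_admin) VALUES ('alice', true), ('bob', false);
SELECT is_admin_user('alice');
SELECT count_rows_safe('app_user', 'bob');
```

If a function must build SQL at run time, the rule of thumb is that `format('%I')` handles identifiers and `USING` handles values; plain `||` concatenation of caller input is the one pattern that re-opens the injection problem the function was supposed to hide.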
I've set up a few PostgreSQL PL/pgSQL functions - nothing particularly fancy - to simplify things. But I didn't know Postgres could cache the query plan and reuse it.
I'll have to read up on that.
To be perfectly honest, I hadn't given any thought to SQL injection attacks. Our security issue is much simpler than that. The system has nearly 250 users with administrative logins, and almost all of our users are not technically savvy. When we go on site to check the system status, the bare handful of users that don't use ridiculous passwords like "password1" tend to have their passwords taped to the monitor on a post-it note. We don't have any financially valuable data in the system, but the only thing preventing a script kiddie from getting admin access and posting the whole database on the internet is the fact that we're still too small to get much attention.
PS jonaskoelker and boredandblogging:
In my experience, if Linux crashes you have a hardware or driver problem. I think everyone has seen Windows 95, 98, and ME crash frequently. I've seen periodic crashes on NT, 2000, XP, and 2003 too - but they're all several orders of magnitude more stable than the Windows 9x versions.