I'm not being insulting as I'm including myself in that broad brush. By a few years do you mean 8-10 years ago? As that's when VBScript was being phased out. And that's when cfm was even vaguely popular. cfm's dead today like Delphi's dead today.
I actually remember SQLi becoming a hot topic just when I personally was switching from being a VBScript programmer to C#. When all the APIs were introducing parametrized queries and the debate of them vs stored procs was actually still raging.
It was very easy to do stupid things then because all the APIs encouraged bad code, there wasn't much good advice on the net, there was no Stack Overflow and the books actually told you to write bad code. I'd look up a couple of classics but I've literally just sent all my old programming books to recycling.
So either you weren't professionally programming back then or are looking back with rose-tinted glasses. A lot of apps were vulnerable to SQLi back then.
Look at this article from Jeff Atwood back in 2005:
http://www.codinghorror.com/blog/2005/04/give-me-parameteriz...
Kinda goes without saying these days doesn't it? Would any programmer blog something as basic as this now?