My point being that you don't need to do a SQL injection to do this.

To prevent a SQL injection, you need to change ' to '' on input from the user that you pass to sql.

To prevent a HTML+script injection, you need to change < to &lt;, > to &gt; & to &amp; etc. on input from the user that render to the browser. The sites in question are not doing this, hence, just stick the code you wish to inject into at comment or some other user field. This has nothing to do with SQL.

You are right, that's not SQL Injection attacks, rather a HTML+script injection. A SQL Injection allows you to meddle with the sites database.

The artwork for the cd and the cleave are available, so you can print your own.

Microsoft don't want you to buy the XP version, they want you to buy the Vista/7 version.

The old Enterprise Manager had a feature that I used to use a lot. You could open a query designer. "Design" a select query (typically add a where clause or possibly a join and a where clause on the joined table.) Execute the query, check the results. Then you could change the query type, to a delete or update statement. If you had multiple tables, it would prompt you on which table you wanted to change. It would keep the rest of the query (from, where, etc.) in tack. I can't figure out how to do this in the new Server Management Studio - frustrating.

All the RAMs have all ready been used in servers...

I don't know about SuSe - but for Ubuntu - LTS releases are supported for 3 years. And if he wants to just update 1 application - he just needs to add the backports repository.

You have never been to South Africa where internet is slow and expensive due to a monopoly[1]. I'm sure this will find it way onto the freedom toasters[2] where anyone can take a blank cd and get a copy burnt...

[1] http://en.wikipedia.org/wiki/Telkom_(South_Africa)
[2] http://www.freedomtoaster.org/