about the SQL injection. a friend of mine who is a very experienced hacker.
prolly better than most of the ppl here. he told me that he don't sql inject because
most web admins know that trick and fix it. esp microsoft. so its not very useful.