And attacks using SQL injection are abundant. ... Some databases let you run command-line programs from within queries, which again can be all hackers need to do their dirty work.