Common language specific pitfalls
From NetSec
PHP specific pitfalls
File inclusion by remote and local
Situationally bad sanitizing
addslashes()
htmlspecialchars()
mysql_real_escape_string()
Perl specific pitfalls
Command injection with open()
Python specific pitfalls
Ruby (eruby and rails) specific pitfalls
attr_protected
CGI.EscapeHTML()