I have been reading through a bunch of different articles about SQL injection attacks and have found some similarities. I read these articles from cNet and other various hits received from Google search engine. The first similarity I will note is the time of these attacks seem to be around 2012 and all of these attacks are from non-validated user input. It seems to me that there were just a lot of website owners and designers at the time that were not aware of the importance of user input validation around 2012. That brings me to the second similarity, user validation. That seems to be the only breach problem, if all user inputs are validated then there would be no such think as SQL injection attacks. I guess that there could be a way of manipulating stored procedures but without the leak through user input I have no idea how attackers would implement these attacks.