Using parameterized statements in your code.

Moving your database to a separate server.

Frequently rotating your database passwords.

Using HTTPS in your website.

Deface your website.

Redirect other users to malicious sites.

Hijack other users' sessions.

Drop important tables in your database.

Escape dynamic content when it is written out in HTML.

Ask the user to disable JavaScript in their browser.

Obfuscate your JavaScript.

Whitelist permitted values for dynamic fields.

Set up a fake website that looks like your site on a copycat domain.

Summoning evil spirits and placing a curse on your database.

Installing malicious code and making your server part of a botnet.

<script>

<iframe>

<center>

<blink>

Validating that a request is generated by a page that is connected to the same website.

Validating a password.

Validating a credit card number the user has entered.

Keep static documents on a separate file system from your executable code.

Making users change their password frequently.

Storing documents in a content management system.

Hiring private security guards to grimace at anyone approaching your servers.