Out of curiosity (it isn't Friday yet, but close enough) - does parameterized SQL render all SQL injection attack techniques useless? If so, why do we still hear of successful SQL injection attacks, particularly in relatively newly written apps?
A lack of education/knowledge, ignorance, the curse of PHP developers...
