Darhack.. I think you mean any mediocre PROFESSIONAL PROGRAMMER knows about MySQL injection. The problem is usually with hobbyist programmers who make little random scripts and figure "the script just reads a random quote, I don't need to worry about verifying input" or just haven't read far enough to find out about it. Because with the different injection attacks (MySQL, variable, input .. etc etc) it doesn't really matter what your program is supposed to do, a simple script can be hacked and used to take over your entire MySQL or home directory account.
I see so many of these types of things in my work as a tech for a bunch of webhosting companies. Grrrr..
I just wrote a long long post then accidentally closed the window

so no long explanation from me
Just.. you did not mention register_globals which is a HUGE security risk that people still seem to ignore.
Basically.. DO NOT USE register_globals and make sure they are disabled. If your server has them enabled you may be able to turn them off for your account in your root .htaccess file by adding the line
php_flag register_globals off
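
Why the post above calls register_globals a risk, shown as an added example that is not part of the original posts: with the setting on, request parameters become variables, so a flag the script never initialised can be set from the URL. `extract()` stands in for register_globals here (the setting was removed in PHP 5.4); the function names, the `authorized` flag and the sample request are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Weak pattern: $authorized is set only on success and never initialised.
// extract() emulates register_globals=On by turning request parameters
// into local variables (assumption: stand-in for the removed setting).
function is_authorized_weak(array $request, string $password): bool
{
    extract($request);
    if (isset($pass) && $pass === $password) {
        $authorized = true;
    }
    // If the request carried authorized=1, the variable already exists here.
    return !empty($authorized);
}

// Hardened pattern: initialise every variable and read input only from
// the explicit request array, never from auto-created variables.
function is_authorized_fixed(array $request, string $password): bool
{
    $authorized = false;
    $pass = $request['pass'] ?? '';
    if (is_string($pass) && hash_equals($password, $pass)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed request, as PHP would parse it from ?authorized=1 (no password sent).
$request = ['authorized' => '1'];

var_dump(is_authorized_weak($request, 's3cret'));
var_dump(is_authorized_fixed($request, 's3cret'));
```

The weak function accepts the request without any password, while the fixed one rejects it; initialising variables this way keeps a script safe even on a host where the setting cannot be turned off.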