How Does One Explain SQL Injection to a Non-Techie?
Anyone got a good analogy to describe SQL Injection to people who don’t understand what a “back end” is, much less a SELECT statement?

Here’s my response:
SQL Injection is like a telephone operator who has to phonetically relay verbal speech between two people who cannot be connected, in a language the operator doesn’t understand. The problem is that the operator has no way of knowing if she’s telling the person on the other side, “Happy Birthday”, or giving them instructions on how to kill themselves.
An old explanation, but I like it ok...
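For the technical reader, here is the same point in working code. This is an added example, not part of the original post: a tiny in-memory SQLite table (constructed sample data) queried two ways. The first builds the SQL sentence by pasting the caller's words straight in, exactly like the operator relaying sounds she does not understand; the second uses a bound parameter, so the database is told in advance which part is the sentence and which part is just a name to be matched. The names, secrets and inputs are all made up for the illustration.

```python
import sqlite3


def make_db():
    """Build a throwaway in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "cake"), ("bob", "pie"), ("O'Brien", "tart")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """The 'operator' relays the caller's words verbatim into the SQL sentence.

    The database cannot tell which characters were meant as a name and which
    were meant as grammar, so a quote in the input rewrites the sentence.
    """
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_safe(conn, name):
    """Parameterised query: the sentence is fixed, the name is handed over
    separately as data, so it can never be read as an instruction."""
    sql = "SELECT secret FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


def compare(name):
    """Run both lookups on one input and report what each one did."""
    conn = make_db()
    try:
        vulnerable = lookup_vulnerable(conn, name)
    except sqlite3.OperationalError as exc:
        # An ordinary apostrophe already breaks the pasted-together sentence.
        vulnerable = "error: " + str(exc).split(":")[0]
    return {"vulnerable": vulnerable, "safe": lookup_safe(conn, name)}


if __name__ == "__main__":
    # A legitimate name containing an apostrophe: the pasted query breaks,
    # the parameterised query finds the right row.
    print(compare("O'Brien"))
    # Input whose quote turns the name into extra grammar: the pasted query
    # returns every secret, the parameterised query matches nothing.
    print(compare("nobody' OR 'a'='a"))
```

The apostrophe case is the one to show a sceptic: it needs no attacker at all, just a real surname, to prove that the pasted-together query cannot keep data and instructions apart.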