Injection is not always about SQL
I think anybody even remotely involved with databases these days has seen the xkcd comic about Bobby Tables : http://xkcd.com/327/ Basically, the comic warns against SQL injection, and reminds you to sanitize your database...