This is a bit late on the #drupalgeddon // #drupslsa05 post, but the need to update is just too alarming to go unmentioned. Like this tweet from @outlandishjosh
I'll update w/more on what we're seeing later today, but it is clear: Black-hats are exploiting #drupslsa05 already. This is not a drill.
WordPress is a great piece of software supported by a large open source community. It is quick to deploy, easy to configure, and easy to use. When it comes to simple content management, WordPress is the way to go. However, some of us have had the unfortunate event of getting our WordPress site hacked or defaced.
mysql_real_escape_string() should always be used on data being placed into your SQL database.