SQL Injection is easy to defend against. Filter your data. Quote your data (if you can). Escape your data.