Friday, August 22, 2008

SQL attacks

Suspekt taught me about the column truncation vulnerability.

It depends on a combination of two things: the database compares strings loosely (in MySQL, trailing spaces are ignored by the PAD SPACE collations that were the default at the time), and the application does not reject user data that is longer than the column it is stored in.

Because of that relaxed comparison, the username 'admin   ' (with trailing spaces) compares equal to 'admin' in the database.

If the username column has a maximum length of 10 characters and the application does not treat an 11-character username as invalid, there is a problem.

The application's duplicate check, SELECT * FROM users WHERE username = 'admin     x', finds nothing, because no row is literally 'admin     x'. The INSERT that follows is then accepted: in the non-strict SQL mode that MySQL used by default at the time, the database dutifully truncates 'admin     x' to the 10-character 'admin     ' and only issues a warning. The table now holds two rows that the database treats as the username 'admin', one of them with the attacker's password.

You see where this is going?
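The following MySQL session is an added example, not part of the original post or of the Suspekt write-up: it reproduces the truncation described above end to end and then shows the settings that close the hole. The table and column names, the passwords and the row contents are constructed for illustration; the behaviour itself relies on two MySQL defaults of the period, non-strict sql_mode (silent truncation) and PAD SPACE collations (trailing spaces ignored in comparisons).

```sql
-- Added example (not from the original post). Table/column names and data are
-- constructed for illustration.

-- Turn strict mode off for this session so an over-long value is truncated
-- with a warning instead of being rejected (the MySQL default before 5.7).
SET SESSION sql_mode = '';

CREATE TABLE users (
  id       INT AUTO_INCREMENT PRIMARY KEY,
  username VARCHAR(10) NOT NULL,   -- no UNIQUE index: the app "checks" uniqueness itself
  password VARCHAR(64) NOT NULL    -- plaintext only to keep the example short
);

INSERT INTO users (username, password) VALUES ('admin', 'correct-horse');

-- Step 1: the application's duplicate check for the 11-character name
-- 'admin     x' finds nothing, because no stored row is literally 'admin     x'.
SELECT COUNT(*) FROM users WHERE username = 'admin     x';   -- 0

-- Step 2: the application inserts the name as given. MySQL truncates
-- 'admin     x' to the 10-character 'admin     ' and only raises
-- warning 1265 "Data truncated for column 'username'".
INSERT INTO users (username, password) VALUES ('admin     x', 'attacker');
SHOW WARNINGS;

-- Step 3: under PAD SPACE comparison 'admin     ' = 'admin', so a lookup for
-- 'admin' now returns two rows: the real admin's and the attacker's.
SELECT id, username, password FROM users WHERE username = 'admin';

-- A login that matches username and password together now succeeds with the
-- attacker's password for the account 'admin'.
SELECT id FROM users WHERE username = 'admin' AND password = 'attacker';

-- Checks that close the hole:
-- 1. Strict mode: the over-long value is an error (1406 "Data too long for
--    column"), not a truncation, so the second INSERT never happens.
SET SESSION sql_mode = 'STRICT_ALL_TABLES';
INSERT INTO users (username, password) VALUES ('admin     y', 'attacker');  -- ERROR 1406

-- 2. A UNIQUE index: the duplicate check moves into the database, which applies
--    the same PAD SPACE rule, so 'admin     ' collides with 'admin'. Adding the
--    index here fails with ER_DUP_ENTRY because both rows already exist; on a
--    clean table it would have rejected the attacker's INSERT instead.
ALTER TABLE users ADD UNIQUE KEY uq_username (username);

-- 3. Compare exactly where exact matching matters: a binary comparison treats
--    'admin' and 'admin     ' as different strings (only the real admin's row).
SELECT id, username FROM users WHERE BINARY username = 'admin';

-- 4. Validate length in the application before the INSERT: anything with
--    CHAR_LENGTH(username) > 10 is rejected, never handed to the database.
```

The application-side length check is the fix that does not depend on database configuration. Strict mode (STRICT_TRANS_TABLES is on by default from MySQL 5.7) and a UNIQUE index on the username column are the defence-in-depth checks: the first makes over-long input an error, the second makes the database, not the application, decide what counts as a duplicate. Note that MySQL 8.0's default collation (utf8mb4_0900_ai_ci) is NO PAD, so on such a column 'admin     ' and 'admin' no longer compare equal and the last step of the attack fails even without the other fixes; older collations and any column that still uses them remain PAD SPACE.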
