Amazon.com just posted my five star review of SQL Injection Attacks and Defense by Justin Clarke, et al. From the review:
I just finished reviewing The Web Application Hacker's Handbook, calling it a "Serious candidate for Best Book Bejtlich Read 2009." SQL Injection Attacks and Defense (SIAAD) is another serious contender for BBBR09. In fact, I recommend reading TWAHH first because it is a more comprehensive overview of Web application security. Next, read SIAAD as the definitive treatise on SQL injection. Syngress does not have a good track record when it comes to books with multiple authors -- SIAAD has ten! -- but SIAAD is clearly a winner.
SIAAD is another serious contender for Best Book Bejtlich Read 2009.
Note: Syngress provided me a free review copy.