And it is. The problem as we know it is solved. It's the programmers that are the problem. And legacy software that no one wants to pay to fix or update.
So, make sure you're using parameters in your SQL, using a good library or, if you must, some ORM that is building out your monster SQL.
'Cause I still get this in Application Insights:
https://estrellainsurance.com/Locations?ZipCode=-7902%29 UNION ALL SELECT NULL%2CNULL%2CCONCAT%28CONCAT%28%27qbvbq%27%2C%27QIFNGiAdHPYjeSyLAJGRWTXAUzlmKitdTTRlJeTL%27%29%2C%27qzqvq%27%29-- XPiO
And I got 400+ of them. Every combination of the patterns we all know so well.
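To see why parameters close this off, here is an added example (not code from the site or from this post) that runs the ZipCode value from the logged request above through a concatenated query and through a parameterized one. The `locations` table, its rows and the function names are assumptions, and SQLite stands in for whatever database a real application would use.

```python
import sqlite3
from urllib.parse import unquote

# ZipCode value copied from the logged request on this page, URL-decoded.
LOGGED_ZIPCODE = unquote(
    "-7902%29 UNION ALL SELECT NULL%2CNULL%2CCONCAT%28CONCAT%28%27qbvbq%27%2C"
    "%27QIFNGiAdHPYjeSyLAJGRWTXAUzlmKitdTTRlJeTL%27%29%2C%27qzqvq%27%29-- XPiO"
)

def make_db():
    # Hypothetical schema and constructed rows; not the real site's database.
    db = sqlite3.connect(":memory:")
    # Older SQLite has no CONCAT(); register a two-argument one so the logged
    # value parses here the way it would on a database that provides it.
    db.create_function("CONCAT", 2, lambda a, b: f"{a}{b}")
    db.execute("CREATE TABLE locations (name TEXT, city TEXT, zip INTEGER)")
    db.executemany(
        "INSERT INTO locations VALUES (?, ?, ?)",
        [("Office A", "Miami", 33101), ("Office B", "Hialeah", 33010)],
    )
    return db

def lookup_concatenated(db, zip_code):
    # Vulnerable: the request value becomes part of the SQL text, so its
    # ")" and "UNION ALL SELECT" are parsed as SQL.
    sql = "SELECT name, city, zip FROM locations WHERE (zip = " + zip_code + ")"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, zip_code):
    # Hardened: the SQL text is fixed and the value is bound as data.
    sql = "SELECT name, city, zip FROM locations WHERE (zip = ?)"
    return db.execute(sql, (zip_code,)).fetchall()

def lookup_validated(db, zip_code):
    # Reject anything that is not a five-digit ZIP, then bind it anyway.
    if not (zip_code.isascii() and zip_code.isdigit() and len(zip_code) == 5):
        raise ValueError("ZipCode must be five digits")
    return lookup_parameterized(db, int(zip_code))

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, LOGGED_ZIPCODE))
    print("parameterized:", lookup_parameterized(db, LOGGED_ZIPCODE))
    print("validated    :", lookup_validated(db, "33101"))
```

With concatenation the marker string comes back as a result row, which is the signal a scanner looks for; with the bound parameter the same request returns no rows.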