by vsync 5552 days ago
1. Don't hand-write boilerplate SQL but use a library (CLSQL, JPA) where possible.

2. Use parameterized queries rather than pasting strings together.

3. There is no step 3. Seriously, it's not hard.
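The two halves of step 2 side by side, as an added example that is not part of vsync's comment: Python's sqlite3 module with constructed sample rows, showing that string concatenation lets a quote in the input become SQL while a parameterized query keeps it as data.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("o'brien", "obrien@example.com"),
]


def make_db():
    """Create an in-memory SQLite database seeded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_concatenated(conn, name):
    """Step 2's anti-pattern: the untrusted value is pasted into the SQL text,
    so any quote in it is parsed as SQL rather than as data."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """Step 2 done right: the driver sends the value separately from the
    statement, so it is always treated as data, whatever characters it holds."""
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def compare(name):
    """Run both lookups on the same input and return (concatenated_result,
    parameterized_result); 'ERROR' means the concatenated query failed to parse."""
    conn = make_db()
    try:
        concat = lookup_concatenated(conn, name)
    except sqlite3.OperationalError:
        concat = "ERROR"
    return concat, lookup_parameterized(conn, name)


if __name__ == "__main__":
    # A perfectly legitimate name with an apostrophe breaks the concatenated query.
    print(compare("o'brien"))  # ('ERROR', ['obrien@example.com'])
    # A quote in the input rewrites the concatenated query's WHERE clause; the
    # parameterized query just looks for a user literally named that and finds none.
    print(compare("x' OR '1'='1"))  # (['alice@example.com', 'bob@example.com', 'obrien@example.com'], [])
```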