In my everyday life, I work with both SQL Server and Oracle databases to develop databases, schemas, stored procedures, and functions as well as the middle-tier applications that wrap the database functionality. Along with that work, I also spend a lot of time validating input data, and dealing with other issues of secure coding.
In my upcoming security talk, I will spend some time outlining the dangers of SQL Injection, as I have mentioned before. I have mentioned, and mostly seen, the problems that you can have with SQL Server regarding SQL Injection, but similar attacks can be done with Oracle, and many other database vendors. I found a great article today that was mentioned on one of my security mailing lists (sign up for the SC-L mailing list at securecoding.org). The article is An Introduction to SQL Injection Attacks for Oracle Developers. There are some really good tips and advice in the article on countering SQL Injection in regards to Oracle databases. This is also a great read for a general introduction to understanding this important security topic. Get it today, and be informed.