SQL Truncation Attacks
SQL injection attacks are nothing new, and hopefully everyone is protecting themselves from them.
An interesting by-product of the standard method of protection from the basic SQL injection attack (replace single quotes with two single quotes) is that it increases the size of the original value. When building a command in a variable, it's possible to truncate the original WHERE conditions, allowing the attacker to affect much more data than the developer intended.
Bala Neerumalla has written a detailed article for MSDN Magazine with background on the attack methods, some excellent examples, and methods for detecting and preventing SQL Truncation attacks. Definitely worth reading and implementing.
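
The truncation described above, as a constructed T-SQL illustration added here (it is not code from this post or from the MSDN article). The #Users table, the variable names and the buffer sizes are assumptions chosen for the demonstration; it shows the undersized buffers next to a length check and the parameterized form.

```sql
-- Added example. #Users, its columns and every value below are constructed.
CREATE TABLE #Users (user_id INT PRIMARY KEY, note NVARCHAR(16));
INSERT INTO #Users VALUES (1, N'a'), (2, N'b');

DECLARE @id INT = 1;
-- Worst-case input for quote doubling: every character is a single quote.
DECLARE @input NVARCHAR(16) = REPLICATE(N'''', 16);

-- Weak: the escaped copy lands in a variable sized for the raw input.
-- Variable assignment truncates silently, so part of the escaping is lost.
DECLARE @escaped_small NVARCHAR(16) = REPLACE(@input, N'''', N'''''');

-- Corrected sizing: doubling quotes can at most double the length.
DECLARE @escaped NVARCHAR(32) = REPLACE(@input, N'''', N'''''');

SELECT LEN(@input) AS raw_len,
       LEN(@escaped_small) AS undersized_len,
       LEN(@escaped) AS escaped_len;

-- Build the full command in NVARCHAR(MAX) so nothing is cut here.
DECLARE @full NVARCHAR(MAX) =
    CAST(N'UPDATE #Users SET note = N''' AS NVARCHAR(MAX)) + @escaped
    + N''' WHERE user_id = ' + CAST(@id AS NVARCHAR(11));

-- Weak: a fixed-size command buffer. The grown value pushes the WHERE
-- clause past the end of the buffer, and the assignment raises no error.
DECLARE @cmd NVARCHAR(60) = @full;

-- Check before executing: refuse any command that did not fit its buffer.
DECLARE @kept INT = DATALENGTH(@cmd) / 2,
        @need INT = DATALENGTH(@full) / 2;
IF @kept <> @need
    RAISERROR(N'Dynamic SQL truncated: kept %d of %d characters; not executed.',
              16, 1, @kept, @need);
ELSE
    EXEC (@cmd);

-- Preferred: pass the value as a parameter. Nothing is escaped, so nothing
-- grows, and the WHERE clause is fixed text that input cannot displace.
EXEC sp_executesql
    N'UPDATE #Users SET note = @note WHERE user_id = @id',
    N'@note NVARCHAR(16), @id INT',
    @note = @input, @id = @id;

SELECT user_id, note FROM #Users;
DROP TABLE #Users;
```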