It's almost difficult to write system level code these days that allows for sql injection given all the high level tooling around databases, not to mention modern linters and security vulnerability scanners.