I'm interested in stories where not sanitizing, validating or "sane"-atizing client submitted data in a web application caused a real life problem.
I think if we get some interesting answers this could be a good link to send new web developers so that they can learn from the mistake of others.
