And SQL injection is dead because we have prepared statements!

Yeah, the headline is certainly exaggerating quite a bit.