This is now my fav answer to an SQL injection question ever.
web_application_-_SQL_injection_is_17_years_old._Why_is_it_still_around__-_Information_Security_Stack_Exchange.png