According to OWASP top 10 vulnerabilities of 2010, SQL injection is the most dangerous and most common vulnerability around, A SQL Injection vulnerability occurs due to improper input validation or no input validation at all, what I mean by improper or no input validation is the user input is not filtered(for escape characters) before it gets passed to the SQL database, A Sql injection attack can be any many forms, but it's usually categorized into 3 types:

1. Inband

2. Out of band

3. Inferential

n this presentation john Mccray discusses some of advanced SQL Injection methods and topics such as IDS evasion, filter bypassing etc.