SQL Injection Resources

I am doing some research for a client and writing a paper on SQL injection and what you can do to prevent this well-known class of attack. Here are some of the more useful resources that I have found. If you know of others, please let me know.

  1. SQL injection isn't new. The earliest mention that we could find is an article by rain.forest.puppy in Phrack magazine (issue 54), published in December 1998.
  2. A basic step-by-step introduction to the topic by Steve Friedl (Jan 2005), showing how to map a target's database structure through a simple Web form, one error message at a time.
  3. Oracle-specific examples of SQL injection from SecurityFocus (Nov 2001) and Net-Security.org (Jan 2004); both contain plenty of information that carries over to other database engines as well.
  4. SPI Dynamics' white paper on the subject, which goes beyond the basics (Sept 2005).
  5. A more complete step-by-step walkthrough of various exploitation techniques.
  6. Another complete walkthrough of exploitation techniques, with a useful section at the end of the paper on locking down SQL Server (2002).
  7. A more general resource on SQL Server security from Chip Andrews, including articles, free assessment tools and a good lockdown script.
  8. David Litchfield's Black Hat talk on extracting database structure from ODBC error messages.
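To make the threads running through these resources concrete (error messages leaking structure in items 2 and 8, the login bypass that most of the walkthroughs open with, and parameterised queries as the fix), here is a small runnable illustration. It is an added example, not code from this page or from any of the papers listed; it uses Python's built-in sqlite3 module and a constructed two-user table, so it runs offline, and the function names are mine.

```python
import sqlite3


def make_db():
    """Build an in-memory SQLite database with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Constructed sample rows for the demonstration; not from any real system.
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The classic mistake: user input is pasted into the SQL text."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    # Whatever the user typed is now part of the statement the parser sees.
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """The fix: placeholders keep the SQL fixed and send input as data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    # The driver binds the values separately; a quote in the input is just a
    # character in a string, never a delimiter in the statement.
    return [row[0] for row in conn.execute(sql, (username, password))]


def probe_error(conn, username):
    """Error-based reconnaissance against the vulnerable login.

    A lone quote breaks the statement; the database's complaint tells the
    attacker the input reached the SQL parser unescaped. Returns the error
    text, or None if the statement ran cleanly.
    """
    try:
        login_vulnerable(conn, username, "x")
        return None
    except sqlite3.Error as exc:
        return str(exc)


if __name__ == "__main__":
    db = make_db()
    # Bypass 1: comment out the password check with a known username.
    print(login_vulnerable(db, "alice'--", "wrong"))
    # Bypass 2: tautology that matches every row.
    print(login_vulnerable(db, "' OR '1'='1", "' OR '1'='1"))
    # The same payloads against the parameterised query match nothing.
    print(login_safe(db, "alice'--", "wrong"))
    print(login_safe(db, "' OR '1'='1", "' OR '1'='1"))
    # A single quote produces a parser error: the tell-tale sign the
    # walkthroughs teach you to look for.
    print(probe_error(db, "'"))
```

The second payload works because `AND` binds tighter than `OR`, so the vulnerable statement becomes `username = '' OR ('1'='1' AND password = '') OR '1'='1'`, which is true for every row. Quoting-and-escaping input is a weaker fix than placeholders because it has to be right for every call site and every database's quoting rules; parameterised queries remove the problem at the protocol level.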
