There are many resources for this on hte net, do a google search for SQL Injection Attack.
Here is one link but there are hundreds.
They say, best men are molded out of faults,
And, for the most, become much more the better
For being a little bad.