Ocean10000 - 2:46 pm on Dec 6, 2011 (gmt 0)
I see these injection attacks reported a few times a year. Most of these sites are not properly validating data entry and feeding that data entry into the SQL code that is executing. Thus they open themselves up to attack running unvalidated SQL statements against a live Server.
Here are some articles from Microsoft on how to protect against SQL Injection Attacks.
How To: Protect From SQL Injection in ASP.NET [msdn.microsoft.com]
Stop SQL Injection Attacks Before They Stop You [msdn.microsoft.com]
SQL Injection [msdn.microsoft.com]