15 years ago Dan Farmer wrote a program called SATAN designed to help sysadminis detect vulnerabilities in their networks. He was criticised because of the massive potential for malice if used by "the wrong people" and was fired by his employer, SGI. Now, I'm not in Farmer's league but I'm going to risk my reputation here and now to practically explain SQL injection by cracking two publicly available web sites.
Chances are you've heard of SQL; that's an internationally-recognised standard language used for creating, querying and manipulating databases, whether by Microsoft, Oracle, IBM, Sun Microsystems or any other vendor.
The article continues at http://www.itwire.com/content/view/21682/1141/