MikesDotNetting recently wrote a great article on SQL injection. He gives a great explanation of the problem, with examples, and shows how to prevent injection attacks. If you are writing code that executes SQL based on user input (text boxes, etc.), you REALLY need to take a look at his article. You can check it out here.