A nice strip I came across on SQL Injection & input validation!
SQL Injection is a query / code injection technique which exploits a vulnerability in the database layer of an application. The database back-end can be Microsoft SQL Server, Oracle, or MySQL; i.e. any database which understands the Structured Query Language (SQL: http://en.wikipedia.org/wiki/SQL).
The vulnerability is present when user input is not filtered properly for string literal escape characters (such as the single quote that terminates a string). This user input is usually used as a variable when the SQL query is constructed at the back-end, so whatever the user types becomes part of the statement text.
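As an added illustration of that point (example code, not part of the original post or the strip), here is a lookup that splices user input into the string literal of a query next to the parameterised form that is immune to it. It assumes a Python application backed by SQLite with a constructed `users` table; the same pattern applies to any of the back-ends named above.

```python
import sqlite3


def make_db():
    # Constructed sample data: an in-memory users table (not from the original post).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn, name):
    # The user-controlled value is spliced straight into the SQL string literal.
    # A single quote inside `name` closes that literal early, and everything after
    # it is parsed as SQL rather than as data.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name):
    # Parameterised query: the driver passes the value separately from the
    # statement text, so quotes inside `name` can never change the query's structure.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    conn = make_db()
    tainted = "x' OR '1'='1"  # the classic string-literal escape the post refers to
    # The WHERE clause has become `name = 'x' OR '1'='1'`, a tautology: every row comes back.
    print(find_user_vulnerable(conn, tainted))
    # No user is literally named x' OR '1'='1, so the parameterised lookup returns nothing.
    print(find_user_safe(conn, tainted))
```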