A senior Web security specialist at HP has put together a description of just how simple these attacks can be, including a look at the psychology behind their success. He found that many of the executives were skeptical about the extent of vulnerabilities in their code. He then appended a single tick mark to the end of the URL, which caused a SQL statement to fail and generate an error message explaining exactly what the problem was. After a quick glance at the volunteer s site, Los noticed an error that showed evidence that someone else had attacked the site. Los found that the database had in fact been compromised previously.
Source: https://threatpost.com/anatomy-sql-injection-attack-022510/73589/