This is my whole set of SQL Injection resources for both attack and defense. I rely on them often!
General or cross-platform SQLi Resources:
• W3school’s - SQL injection
• SQLZoo’s SQL Injection walkthrough
• NTO’s SQLi Cheatsheet
• Websec.ca’s SQLi mega-resource (mySQL, MSSQL, ORACLE, ++)
• Ferruh Mavituna’s SQLi cheatsheet (mySQL, MSSQL, ORACLE, ++)
• The SQL Injection Wiki
DBMS Specific Resources:
mySQL:
• PentestMonkey’s mySQL injection cheatsheet
• Reiners mySQL injection Filter Evasion Cheatsheet
MSSQL:
• EvilSQL’s Error/Union/Blind MSSQL Cheatsheet
• PentestMonkey’s MSSQL SQLi injection Cheatsheet
ORACLE:
• PentestMonkey’s Oracle SQLi Cheatsheet
POSTGRES:
• PentestMonkey’s Postgres SQLi Cheatsheet
Others:
• Access SQLi Cheatsheet
• PentestMonkey’s Ingres SQL Injection Cheat Sheet
• pentestmonkey’s DB2 SQL Injection Cheat Sheet
• pentestmonkey’s Informix SQL Injection Cheat Sheet
• SQLite3 Injection Cheat sheet
• Ruby on Rails (Active Record) SQL Injection Guide
SQLi Prevention Resources:
• Bobby-tables.com’s guide to preventing SQLi in almost every language
• OWASP’s SQL Prevention Cheatsheet
SQLi Tools Cheatsheets