Old but still valid examples of why string escaping might not protect you against SQLi.
Sqlninja is a tool targeted to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.
Samples are provided to give the reader a basic idea of a potential attack, and almost every section includes brief information about itself.