Old but still valid examples of why string escaping might not protect you against SQLi
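The core of that argument is that escaping is context-dependent: doubling quotes only helps when the value lands inside a quoted string literal, and does nothing for a value dropped into a numeric position. The following Python/SQLite snippet is an added example (not from the linked page); the table, rows and helper names are constructed for illustration:

```python
import sqlite3


def escape_sql_string(value):
    """Classic quote-doubling escape for use inside a SQL string literal."""
    return value.replace("'", "''")


def setup_db():
    """In-memory SQLite database with a few constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO users (id, name) VALUES (?, ?)",
        [(1, "alice"), (2, "bob"), (3, "carol")],
    )
    conn.commit()
    return conn


def names_by_id_escaped(conn, user_id):
    # VULNERABLE: the value is "escaped" but not quoted, so an input without
    # any quote character passes through untouched and becomes SQL syntax.
    sql = f"SELECT name FROM users WHERE id = {escape_sql_string(user_id)} ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def names_by_name_escaped(conn, name):
    # Here escaping does hold, because the value sits inside a quoted literal
    # and every embedded quote is doubled.
    sql = f"SELECT name FROM users WHERE name = '{escape_sql_string(name)}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def names_by_id_param(conn, user_id):
    # Parameter binding: the value is never part of the SQL text, so
    # "1 OR 1=1" is compared as data (a text value that is not a number)
    # and matches no integer id.
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (user_id,))]


if __name__ == "__main__":
    conn = setup_db()
    print(names_by_id_escaped(conn, "1 OR 1=1"))            # escaping bypassed: all rows
    print(names_by_name_escaped(conn, "alice' OR '1'='1"))  # escaping held: no rows
    print(names_by_id_param(conn, "1 OR 1=1"))              # binding held: no rows
```

The same structural problem shows up with identifiers, ORDER BY columns and LIMIT clauses: anything that is not a string literal cannot be protected by string escaping, which is why parameterised queries (plus allow-lists for the parts that cannot be bound) are the fix rather than a better escape function.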
sysql - run SQL queries against the output of Linux commands
A small critique of the SQL statements in the film "The Girl With The Dragon Tattoo"
Sqlninja is a tool targeted at exploiting SQL injection vulnerabilities in web applications that use Microsoft SQL Server as their back-end
GreenSQL is an open source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy and has built-in support for MySQL and PostgreSQL. Its logic is based on evaluating SQL commands against a risk scoring matrix and on blocking known database administrative commands (DROP, CREATE, etc.). A commercial version of GreenSQL supporting Microsoft SQL Server is available here.