SQL Injection is fun and simple. It basically attacks a concept that's mitigation on host OS's by DEP. You have code and you have data - to the computer they look the same, if it reads something it treats it as code. NXBit or DEP tells it to treat some things as data.
SQLInjection basically works by giving data and having it treated as code. You send garbage data, the system freaks out and dumps information or something more complex.
Easily mitigated by sanitizing all input to be data.