This is an eight-part series (which actually stretched to 10 parts) on SQL injection:

Part 1 – What and Why?
Part 2 – My First SQL Injection
Part 3 – Attacking Websites
Part 4A – Defending Websites: The Wrong Way
Part 4B – Defending Websites: The Right Way
Part 4C – Bonus Material
Part 5 – Stored Procedures
Part 6 – Attacking Stored Procedures Which Use Dynamic SQL
Part 7 – Defending Dynamic Stored Procedures
Part 8 – Conclusions and Resources