Here’s a neat “cheatsheet” on SQL injection by NTObjectives that outlines some common attack strings, commands and so forth. Their SQL Invader SQL injection tool is worth checking out as well.
If you’re having trouble selling management on the dangers of SQL injection, check out this piece I wrote about it not long ago:
SQL Injection – The Web Flaw That Keeps on Giving
Ten Ways to Sell Security to Management
Happy hacking!