An SQL injection is an attack in which malicious code is embedded in a poorly-designed application and then passed to the backend database. The malicious data then produces database query results or actions that should never have been executed.

Below are links to SQL Injection Cheat Sheets and Tools to play with in your virtual environment:

SQL Injection Wiki: http://www.sqlinjectionwiki.com/Categories/1/mssql-sql-injection-cheat-sheet/

SQL Injection pentestmonkey Cheat Sheet: http://pentestmonkey.net/category/cheat-sheet/sql-injection

SQL Injection by Netsparker Cheat Sheet: https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

The SQL Injection Knowledge Base: http://www.websec.ca/kb/sql_injection

Tools:
Sqlmap: http://sqlmap.org/

Sqlmap Tutorial: http://www.binarytides.com/sqlmap-hacking-tutorial/

SQLNinja: http://sqlninja.sourceforge.net/

SQLNinja Tutorial: http://www.jedge.com/wordpress/sqlninja-sql-injection/