I figured this would be a good reminder. I've known some people who would have thought just because they create client side validators and use stored procedures they are no longer vulnerable to SQL injection attacks. Ready the full article from the link below and it will contain links on how to protect yourself from such attacks too.
You may have seen recent reports
that have surfaced stating that web sites running on Microsoft’s
Internet Information Services (IIS) 6.0 have been compromised. These
reports allude to a possible vulnerability in IIS or issues related to Security Advisory 951306 which was released last week.
Full article : SQL Injection Attacks on IIS Web Servers – BillS IIS Blog