http://www.netleets.com/exploits.htm

It takes a common sense approach to explaining SQL Injections.