I've been teaching a class called SQL Server 2008 for the Oracle DBA in a number of cities in the US and Canada. I helped build the class last summer and it's truly enjoyable to bring the technology of Microsoft SQL Server to people whose careers have kept them focused on Oracle.
What scares me is the number of DBAs with decades of experience who've never heard of SQL Injection attacks. In one class just two of twelve DBAs had ever heard of SQL Injection.
The important thing to remember is that SQL Injection attacks aren't just limited to Microsoft SQL Server - they're just as prevalent on other database platforms, including Oracle, DB2, MySQL, PostgreSQL, etc. It's also important to understand that it's not just externally facing applications that are of concern. Your company's systems are probably more likely to be hacked by someone inside your organization than from the outside. (Disgruntled employees are disgruntled, to use a current Farkism.)
Here are a couple of sites to learn more about SQL Injection:
SQL Injection - SQL Server Books Online
SQL Injection - Wikipedia
I'm sure a quick look using your favorite search engine will return a long list of sites explaining the issue and ways to prevent it. For your own sake, please understand this problem and help your organization build protections against it.
Allen