What's an SQL injection?
SQL Injection is when form data contains an SQL escape sequence and injects a new SQL query to be run.
There are a host of techniques to prevent sql injections in your sql code. For example do not allow ; or --
If you are looking for a database search engine that lets you find anything inside sql server databases, check out.