If you're writing a web application that has access to a database, you should be aware that such applications are susceptible to SQL Injection attacks, which leave the information stored in your database vulnerable to a malicious cracker.
This can lead an attacker to access private areas of your web application, steal sensitive information, erase your database, or alter certain information in the database for his own gain. Therefore, it is prudent to safeguard your web application by filtering unsafe input variables before inserting them into SQL statements.
How crackers perform SQL Injection
Here is a list of common SQL injection techniques employed by malicious users across the internet.
Another good read that I suggest is SQL Injection by examples, which provides a great explanation of how SQL Injection attacks are performed.