Fuel injection is generally considered to be a good thing for cars, while IT professionals consider SQL injection to be a bad thing. The technique does not exploit weaknesses in the database itself, but in how it and the relevant web server are configured. In the Microsoft world a lot of work has been done on this, based on the following principle included in its Trustworthy Computing Initiative:
Stating the obvious here, but Microsoft applies this guidance internally and applies it to all the Microsoft.com sites, including MSDN & TechNet, which all use IIS and SQL Server. If these sites were compromised then this story would be all over the cloud in seconds, so the advice works; please use it as well.