All SQL Injection is due to dynamic SQL queries.
Strongly consider prohibiting dynamic SQL queries completely.
Injection flaws occur when an application sends untrusted data to an interpreter.
Injection flaws are very prevalent, particularly in legacy code.
They are often found in SQL, LDAP, Xpath, or NoSQL queries; OS commands; XML parsers, SMTP Headers, program arguments, etc.
Injection flaws are easy to discover when examining code, but frequently hard to discover via testing.
Scanners and fuzzers can help attackers find injection flaws.
Check if a website is vulnerable to SQL Injection
False measures and bad practices
Why not to use escape quotes as a defence
SQL Injection Cheat Sheet (DB2)
SQL Injection Cheat Sheet (Informix)
SQL Injection Cheat Sheet (MSSQL)