SQL Injection attacks happen due to a violation of basic programming principles.
As a matter of good programming practice
I predate Microsoft so I can remember how damn grateful we were for software that was easy to use.
The emphasis in software development was to develop a tool that could be used. No one really looked at it from the "how could someone pervert this tool".
The sins of the fathers are truly been visited upon their sons. I dread to think how much code is in PC software per se that can be hacked due to unchecked bounds.