• SQL Injection attacks happen due to a violation of basic programming principles.

    As a matter of good programming practice:

    • ALWAYS validate user input.
    • ALWAYS check that data cannot exceed its bounds, i.e. the program won't try to store a SMALLINT in a BYTE field, or try and stuff an 11-byte string in a 10-byte space.
    • ALWAYS include error checking/exception handling.

    I predate Microsoft so I can remember how damn grateful we were for software that was easy to use. 

    The emphasis in software development was to develop a tool that could be used. No one really looked at it from the "how could someone pervert this tool" angle.

    The sins of the fathers are truly being visited upon their sons. I dread to think how much code is in PC software per se that can be hacked due to unchecked bounds.
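
The three practices listed in the comment above, applied to a single database write. This is an added example, not code from the commenter; the `users` table, the 10-byte name limit, the 0-255 range standing in for a BYTE field, and every function name are assumptions made for illustration.

```python
import sqlite3

MAX_NAME_BYTES = 10          # assumed column width: a 10-byte space
BYTE_MIN, BYTE_MAX = 0, 255  # assumed range of a one-byte (BYTE) field


class ValidationError(ValueError):
    """Input rejected before it reaches the database."""


def validate(name, level):
    # Validate type and bounds explicitly; reject rather than truncate.
    if not isinstance(name, str) or not name:
        raise ValidationError("name must be a non-empty string")
    if len(name.encode("utf-8")) > MAX_NAME_BYTES:
        raise ValidationError("name exceeds the 10-byte space")
    if isinstance(level, bool) or not isinstance(level, int):
        raise ValidationError("level must be an integer")
    if not BYTE_MIN <= level <= BYTE_MAX:
        raise ValidationError("level does not fit in a BYTE field")
    return name, level


def make_db():
    # In-memory database so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (name TEXT NOT NULL, level INTEGER NOT NULL)"
    )
    return conn


def add_user(conn, name, level):
    """Return True if the row was stored, False if it was rejected."""
    try:
        name, level = validate(name, level)
        # Placeholders pass the values as data, never as SQL text.
        with conn:
            conn.execute(
                "INSERT INTO users (name, level) VALUES (?, ?)", (name, level)
            )
        return True
    except (ValidationError, sqlite3.Error):
        # Error handling: fail closed instead of leaking a stack trace.
        return False


def stored_names(conn):
    return [row[0] for row in conn.execute("SELECT name FROM users ORDER BY rowid")]
```

Validation and parameter binding do different jobs here: the bounds checks reject data that does not fit, while the `?` placeholders ensure that a value containing a quote character is stored verbatim instead of altering the statement.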