Before you decide to go and intentionally write code that's vulnerable to SQL injection, maybe take a read through these.
http://www.troyhunt.com/2013/07/everything-you-wanted-to-know-about-sql.html
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability