Just for some history on this, a major worm recently went around the net using exactly this kind of exploit. Instead of a simple select command, it installed a Java applet that would send data to some server in China.

Here are some of the stories:

http://isc.sans.org/diary.html?storyid=4519

http://www.sqlservercentral.com/Forums/Topic495160-359-1.aspx

http://blog.washingtonpost.com/securityfix/2008/04/hundreds_of_thousands_of_micro_1.html

http://isc.sans.org/diary.html?storyid=4393

http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080507

The wording of the question was awkward, no doubt about it. Sorry about that. I tried to think of a way to put this question together (someone else suggested I submit it), but couldn't come up with anything I was happy with. So I sent in the best I could think of. (The easy part was the "clever" title for the question.)

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon