By the way, an excellent web-cast that's a step-by-step walk through on how an attacker scopes out and attacks a box using SQL Injection:
http://www.microsoft.com/usa/webcasts/ondemand/1765.asp
This was presented by SQLServerCentral.com's Brian Knight. Best SQL Injection web cast I've seen (and I've seen quite a few).
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley