From SQL Server Magazine
You can use HP Scrawlr, URLScan, or Microsoft Source Code Analyzer for SQL Injection to search your website and SQL Server database for vulnerabilities that could put your environment at risk of a SQL injection attack. You can prevent SQL injection attacks by filtering the entry fields on your web pages so that users can enter only certain values. Designing and developing your application with security in mind also helps prevent SQL injection attacks.
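The entry-field filtering described above, as an added example that is not from the article: a server-side allow-list per field, followed by a query that binds the values as parameters. The field names, rules and `customers` table are hypothetical, Python's `sqlite3` stands in for SQL Server so the block runs offline, and the parameter binding goes beyond the filtering the article names because a name field has to allow the apostrophe.

```python
import re
import sqlite3

# Hypothetical allow-list rules: each entry field accepts only the
# characters and length its data needs. Names must allow the apostrophe
# (O'Brien), so filtering alone cannot make string concatenation safe.
FIELD_RULES = {
    "last_name": re.compile(r"[A-Za-z][A-Za-z '\-]{0,49}"),
    "state": re.compile(r"[A-Z]{2}"),
}


def validate_form(form):
    """Return (clean, errors); a value is clean only if all of it matches."""
    clean, errors = {}, {}
    for name, rule in FIELD_RULES.items():
        value = form.get(name, "")
        if rule.fullmatch(value):
            clean[name] = value
        else:
            errors[name] = "value not allowed"
    # Fields the page does not define are rejected, not passed through.
    for name in form.keys() - FIELD_RULES.keys():
        errors[name] = "unexpected field"
    return clean, errors


def find_customers(conn, form):
    """Validate first, then bind the values instead of concatenating them."""
    clean, errors = validate_form(form)
    if errors:
        raise ValueError(errors)
    cur = conn.execute(
        "SELECT id, last_name FROM customers WHERE last_name = ? AND state = ?",
        (clean["last_name"], clean["state"]),
    )
    return cur.fetchall()


def make_sample_db():
    """Constructed in-memory table standing in for the SQL Server database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, last_name TEXT, state TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [(1, "O'Brien", "WA"), (2, "Smith", "OR")],
    )
    return conn
```

A value made only of allowed characters can still contain quotes, which is why the query binds its inputs even after the filter has passed them.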
The article continues at