Similar to cross site scripting (seem my previous post on the topic) web site owners should be aware of sql injection attacks which are very similar. The attacker inserts sql code into a text box on a web site in order to insert and remove information from a database. Additionally a hacker could actually obtain control over the machine and execute other actions as well.
Here's a good article on the subject:
sql injection