Last week I came across an amusing picture that depicted a scenario for an SQL Injection attempt. At the time I just tweeted about it, but over the weekend I wrote a longer blog entry on the topic of SQLi and included a few examples of where I've encountered similar "real world" vulnerable scenarios.
You can find the full blog over on the IOActive site - "SQL Injection in the Wild".