Yes, that is a topic that has been discussed in many areas over the last few years. In fact, I was chatting with Simone Chiaretta about it regarding his blog post: http://codeclimber.net.nz/archive/2007/07/17/How-not-to-prevent-SQL-Injection.aspx
Which offers a slightly different example. From my experience, it seems that if you use stored procedures instead of inline sql, you can stop sql injection attacks by about 90%. There are many other methods and I am sure that you can probably google a ton. In fact, I just googled the term
and came back with 349,000 results.