There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation.

Very good site showing how SQL Injetcion works, and shows how people discover tuple and table names from a website. Much better than SPI's whitepaper by far.

SQL Injection Attacks