Cross Site Scripting and SQL injection explained
OWASP has a full range of videos that give you a basic view of XSS and SQL injection:
Full table and column traversal and site take-over is almost an inevitable consequence of non-managed user input and system output (like error messages). This OWASP video gives you a quick introduction.
Cross Site Scripting (XSS)
You can find out more in the AppSec Tutorial Series by OWASP