SQL Injection is subset of the an unverified/unsanitized user input vulnerability, and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it’s straightforward to create some real surprises.
For people who use databases for web applications, the threat of attacks is great no matter how small or large your database is. It doesn’t matter what type of database you use either (SQL Server, ORACLE, MYSQL, etc.).
As long as there are hackers out there, your data is at risk.
Here is a great guide (.pdf) written by Martin G. Nystrom that the web developer, DBA or even website owner can benefit from to help them understand how data is vulnerable on the web and learn some of the “defenses” to try and prevent it.