There is a nice SQL Injection Pocket Reference up on Google Docs

Here is what is covered

MySQL

Default Databases

Comment Out Query

Testing Injection

Strings

Numeric

In a login

Testing Version

MySQL-specific code

Database Credentials

Database Names

Tables & Columns

Finding out number of columns

Retrieving Tables

Retrieving Columns

PROCEDURE ANALYSE()

Retrieving Multiple Tables/Columns at once

Find Tables from Column Name

Find Column From Table Name

Avoiding the use of single/double quotations

String concatenation

Privileges

FILE privilege

MySQL ⁴⁄₅

MySQL 5

Out Of Band Channeling

Timing

DNS (requires FILE privilege)

SMB (requires FILE privilege)

Reading Files (requires FILE privilege)

Writing Files (requires FILE privilege)

Stacked Queries with PDO

User Defined Functions

Fuzzing and Obfuscation

Allowed Intermediary Characters

Allowed Intermediary Characters after AND/OR

Operators

Constants

MySQL Functions()

MySQL Password Hashing

MySQL Password() Cracker

MSSQL

Default Databases

Comment Out Query

Testing Version

Database Credentials

Database Server Hostname

Database Names

Tables & Columns

Retrieving Tables

Retrieving Columns

Retrieving Multiple Tables/Columns at once

OPENROWSET Attacks

System Command Execution

SP_PASSWORD (Hiding Query)

Stacked Queries

Fuzzing and Obfuscation

Encodings

Allowed Intermediary Characters

Allowed Intermediary Characters after AND/OR

MSSQL Password Hashing

MSSQL Password Cracker

ORACLE

Default Databases

Comment Out Query

Testing Version

Database Credentials

Database Names

Current Database

User Databases

Tables & Columns

Retrieving Tables

Retrieving Columns

Finding Tables from Column Name

Finding Column From Table Name

Fuzzing and Obfuscation

Avoiding the use of single/double quotations

Out Of Band Channeling

Time Delay

Heavy Query Time delays

You can find it here: SQL Injection Pocket Reference