In this article, Sandipan Pramanik explains how dangerous an exposed database message can be. He also demonstrates how to exploite a series of exposed error messages from hacker's point of view. In closing, he offers a few preventative measures anyone can take in order to prevent an SQL injection attack.
Exposed SQL Server Error Messages–Food for Hackers
How an Advance SQL Injection Attack Works