Here is a good example of how hackers use SQL Injection to access data. The example here is only one of many possible attacks that hackers can use to access (or destroy) information on your site so its very important to implement security measures to protect your site.
More detail on what SQL Injection is:
What is a SQL Injection bug? – Joel on software
SQL Injection walkthrough – SecuriTeam
Protecting Your PHP/MySQL Queries from SQL Injection – Metatitan
SQL Injection – WikiPedia
As a bonus here is an old xkcd cartoon about sanitizing your database inputs: