How can a sql injection be identified?

It is simply a general question about security. How can a sql injection be identified?