It cannot be stressed enough: Even sending a single SQL injection probe against a random site you found via Google is a violation of the Computer Fraud and Abuse Act (CFAA) in the U.S., and similar laws worldwide. Penalties include fines and imprisonment.