The original SQL syntax was pre-Microsoft. In any case, SQL injection exploits are webserver issues, not the fault of the database server that receives the query. More precisely, it's probably a fault by the author of the site, not the server they are using. You might as well blame Apple when a 360 game has a bug, because they built the devkits.