SQL injectiion attack types detection for database driven web application

hi, May I known your advice for my problem? I am studying master thesis about detection of SQL injection attack types in database driven web application. So, is it easy to detect SQL injection attack types in web application? And, is it easy to create injecting malicious SQL command into SQL statement to steal sensitive data in database via web page? Should do I will continue as a thesis project?Please,advice me,thanks.