GEOG5870/1M: Web-based GIS: A course on web-based mapping

General: Resources for web security

In terms of preventing attacks, the secret is undoubtedly to be aware of their potential. A good summary of current attack trends is the Symantec Annual Threat Report, but if you are going to administer a server you should keep an eye on the US-CERT alerts and current activity lists, as well as any relevant software- or OS-specific lists, for example for Linux.

Most attacks are found by white hat hackers, and are therefore fixed by software updates before they escape into the wild, so keeping on top of updates, preferably automatically, is key to good security (this varies by operating system; for example, here are the details for Ubuntu; OSGeo-Live has an update manager that should notify you). This should also include staying on top of the latest updates for third-party script libraries like jQuery. Third-party libraries do occasionally suffer zero-day attacks, usually on out-of-date components (example), but they are also directly attacked in an attempt to replace the library with malware (example). Obviously, as with all software, you should only download them from the official site anyway.

If you're going to be a site administrator, you should certainly get yourself a good book on security for your chosen operating system, but also on general web software and on any specific software or languages you are using. Ultimately you may find you need to understand attacks in detail, and there are plenty of "Grey Hat"/"Pentest" books out there ranging from script-kiddie level to zero-day vulnerability studies. If you're coding for the web you should likewise get your head around system administration, but also secure coding in your given language. Although they are getting a bit long in the tooth now, O'Reilly's Secure Coding and Security Warrior still contain useful information about project-managing secure coding and basic secure coding, respectively. Most languages will have specific books on secure coding; for example, Java has the excellent CERT Oracle Coding Standard for Java (book version), which also teaches a lot about good coding more generally. A similar (though less beginner-friendly) standard for JavaScript is the Mozilla Secure Coding Guidelines. For PHP there is the PHP Security Consortium Security Guide, and more generally there are good cheat sheets at the Open Web Application Security Project (OWASP).

Finally, if you are going to run a standard website, you need to know the associated legal responsibilities. For a basic website, these are outlined by the UK Web Design Association.

If you intend to allow users to upload materials, or you intend to store sensitive data, the legislation becomes more complicated. You should familiarise yourself with the local and international legislation on computing and data. This includes the UK's Data Protection Act 1998 (online) and the Computer Misuse Act 1990 (online) and related legislation, but also a wide variety of other legislation covering the use of cookies, the hosting of information, etc. You can find some nice starting summaries on the UK Web Design Association website and at SEQLegal, and at 90 Percent of Everything for e-commerce. The law associated with blogging and hosting forums is complex. A good summary from 2009 is Philip John's annotations of a session run by Paul Bradshaw, but things have moved on since then in some areas. A more up-to-date discussion for bloggers can be found in Bradshaw's Online Journalism Handbook. The whole thing is further complicated by the fact that some servers will be based outside the country, and you should be especially sensitive to the Data Protection Act in this regard. US legislation is discussed at the EFF, but you should also be aware of the international law around copyright (the Center for the Study of the Public Domain do a nice comic on this) and the recent changes to UK legislation.

OK, now that we're a bit more on top of web security, let's go back to our system and look at the specific issue of SQL injection attacks in detail.
