
There are some pretty good (free) tools out there to test against most injection methods. I'm not saying having a conceptual grasp of security hurts ;) All in all, you can't know all methods - and the tools probably won't know much less.


Every security professional I've heard speak emphasizes the importance of grasping what they tend to call "the security mindset". Which I understand to mean putting yourself in the place of an attacker and asking how your code could be taken advantage of.

Running an automated tool against your web app isn't a bad idea, but it's no replacement for thinking about what you're doing.



