Mutillae has a great SQLMAP target on it. I have been using owasp’s bwa vm to work on more web apps.

websec’s writeup on sql injection filtering has been helping a lot with filtering evasion.