I'm by no means an expert but, as far as bettering your self at security I have learned a lot from this site's challenges and articles. If you get stuck on any mission there are articles for most of them that will lead you in the right direction without just telling you the answer.
Here are some great, basic php security tutorialshttp://www.youtube.com/playlist?list=PL5F8BFE541D972472&feature=plcp
I think one of the best ways to learn more is just to mess around with stuff. I learned bash by playing around with Linux and FreeBSD. A great way to learn is to set up a "lab" with vm's, use one vm to attack another. As far as web exploits I like to set up an apache server(in a vm) with my own php on it, and exploit it. If I can not find any I research new methods. Once I find and exploit a vulnerability, then I research how to protect against it, and patch my code. That way I learn attack and defense.
As far as the 50-80% being SQLi vulnerable, I don't know, but there are some pretty complicated exploits so just because you can't find a vulnerability doesn't mean there are not any.
You attacked cascading style sheets?
jk, people generally use XSS for cross-site-scripting.