First, before I mention anything else, I want to assure you that SQL Injection attacks are not possible with Sitefinity. Every database query executed is constructed by our Object-Relational mapper and we don't insert user-inputted data into the queries.
So if this is the reason you want to monitor database changes, I'm not sure if it's worth it.
Then, if you still need to do this, I want to clarify that basically every Sitefinity module has its own table. Additionally, all modules based on Generic Content use the same table for storing content. It is hard to split what tables contain user-viewable content from the rest but I'll try to provide a non-exhaustive list here:
Again, this list doesn't ensure that all public site information is contained in these tables. It also depends on what functionality of Sitefinity you are using and can be different with every site. Stil I hope it would help you in what you're trying to do.
the Telerik team