SQL injection is a type of vulnerability in website and web app code that allows attackers to control back-end operations and access, retrieve, and destroy sensitive data from databases. In this technique, malicious SQL statements are inserted into a database entry field, and once they are performed, the database becomes vulnerable to an attacker. This technique is commonly used to access sensitive data and perform administrative activities on databases by exploiting data-driven applications. It is also known as SQLi attack.

Some common examples of SQL injection are:

Accessing confidential data to modify an SQL query to get desired results.
UNION attacks to steal data from different database tables.
Examine the database to extract information regarding the version and structure of the database.