What is SQL injection?
This is a form of attack on a database-driven web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet; because the attack travels through the web application itself, it bypasses the firewall. SQL injection attacks are typically used to steal information from a database that would normally not be available, and/or to gain access to an organization's host computers through the computer which is hosting the database.
SQL injection attacks are typically simple to avoid: pass user input to the database as a bound parameter of a prepared (parameterized) statement rather than splicing it into the SQL text, and treat strict input validation as a second layer of defence rather than the only one.
As the name suggests, the attacker injects SQL of their own into the query, which can be extremely dangerous for the database.
For example, this is a simple SQL query that looks up a member by email address:
SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x'
Now suppose someone does not enter "x" as the input but enters "x'; DROP TABLE members; --". The quote closes the string literal, the semicolon ends the SELECT, and the "--" comments out the trailing quote that the application appends, so the SQL which actually executes is:
SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x'; DROP TABLE members; --'
The SELECT returns nothing, and the second statement deletes the entire members table. Note that this particular payload only succeeds where the database API runs several statements in one call; many drivers execute one statement per call and reject it. The missing quoting is still exploitable there, because the attacker can rewrite the WHERE clause of the single statement instead: the input "x' OR '1'='1" turns it into WHERE email = 'x' OR '1'='1', which returns every member's email and password.
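To show the difference between the concatenated query above and a parameterized one, here is an added example (not code from the original page) in Python using only the standard library sqlite3 module. The members rows, the two payloads and the function names are constructed for this demonstration; the table layout follows the members table used on the page.

```python
import sqlite3

# Constructed sample rows (not from the page); the column layout follows the
# page's members table.
SAMPLE_MEMBERS = [
    ("alice@example.com", "s3cret", "alice", "Alice Example"),
    ("bob@example.com", "hunter2", "bob", "Bob Example"),
]

# The stacked-query payload from the text, plus a single-statement tautology
# that needs no second statement and so works even where the driver refuses
# stacked queries.
STACKED_PAYLOAD = "x'; DROP TABLE members; --"
TAUTOLOGY_PAYLOAD = "x' OR '1'='1"

BASE_SELECT = "SELECT email, passwd, login_id, full_name FROM members WHERE email = "


def make_db():
    """Create an in-memory members table filled with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members (email TEXT, passwd TEXT, login_id TEXT, full_name TEXT)"
    )
    conn.executemany("INSERT INTO members VALUES (?, ?, ?, ?)", SAMPLE_MEMBERS)
    conn.commit()
    return conn


def members_table_exists(conn):
    """True while the members table is still present in the schema."""
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = 'members'"
    ).fetchone()
    return row[0] == 1


def lookup_vulnerable(conn, email):
    """The page's pattern: splice the raw input into the SQL text and run it.

    sqlite3's execute() runs a single statement, so the DROP TABLE payload is
    rejected here, but the input still rewrites the WHERE clause of that one
    statement.
    """
    return conn.execute(BASE_SELECT + "'" + email + "'").fetchall()


def lookup_vulnerable_stacked(conn, email):
    """Same concatenation through an API that accepts ';'-separated statements.

    executescript() stands in for a driver or server that runs stacked queries;
    it discards SELECT rows, so the function reports whether the table survived.
    """
    conn.executescript(BASE_SELECT + "'" + email + "'")
    return members_table_exists(conn)


def lookup_safe(conn, email):
    """The fix: bind the input as a parameter. The driver passes it as a value,
    never as SQL text, so quotes, semicolons and comment markers in it are inert."""
    return conn.execute(BASE_SELECT + "?", (email,)).fetchall()


def run_demo():
    """Run each lookup against a fresh database and return what was observed."""
    conn = make_db()
    results = {
        "legit": lookup_vulnerable(conn, "alice@example.com"),
        "tautology_concat": lookup_vulnerable(conn, TAUTOLOGY_PAYLOAD),
        "tautology_param": lookup_safe(conn, TAUTOLOGY_PAYLOAD),
        "stacked_param": lookup_safe(conn, STACKED_PAYLOAD),
    }
    try:
        lookup_vulnerable(conn, STACKED_PAYLOAD)
        results["stacked_concat_single"] = "executed"
    except (sqlite3.Warning, sqlite3.Error):
        # Older Pythons raise sqlite3.Warning for a second statement,
        # newer ones sqlite3.ProgrammingError; either way it did not run.
        results["stacked_concat_single"] = "rejected"
    results["table_before_stacked"] = members_table_exists(conn)
    results["table_after_stacked_concat"] = lookup_vulnerable_stacked(conn, STACKED_PAYLOAD)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Running it shows the three outcomes side by side: the tautology payload through string concatenation returns both members' passwords, the same payloads through the parameterized query return no rows at all, and the stacked payload drops the table only when it reaches an API that executes several statements per call.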