A SQL injection is an attack that passes SQL commands through an online application that uses a SQL database. If vulnerable this could allow the attacker to execute arbitrary SQL commands or queries through the web application. SQL injections could allow that user to gain unauthorized access to the system, insert data, manipulate data, or view database data (e.g. credit card information) they should not be able to see.
A basic example of a SQL injection technique is sending an or true statement command through the web applications login. For example, a username and password with ' or '1'='1' or ' or 'a'='a', which grants the user access since these statements are true.
SQL injections are one of the most common techniques hackers use to gain unauthorized access to an online database driven system or collect information such as usernames, passwords, credit card information, and other personal information.