An SQL injection is an attack that passes commands through a vulnerability in an online application using an SQL database. SQL injections are commonly used by hackers to gain unauthorized access to a system, facilitating insertion and manipulation of data, or viewing secure database information. Secure information includes credit card numbers, passwords, etcetera.
SQL injection example
A basic example of an SQL injection technique is to send a true statement through the web application's login. For example, a username and password with ' or '1'='1' or ' or 'a'='a', which grants the user access since these statements are true.