What's an SQL injection?
Here is the answer,
An attack technique used to exploit web sites by altering backend SQL statements through manipulating application input. SQL Injection happens when a developer accepts user input that is directly placed into a SQL Statement and doesn't properly filter out dangerous characters. This can allow an attacker to not only steal data from your database, but also modify and delete it.