SQL Injection

SQL injection is technique that exploits a security vulnerability occurring in the application and/or database layer of an application. The vulnerability is present when user input (typically via HTML forms0 is either not validated or incorrectly filtered for string literal escape characters embedded in SQL (structured query language) statements. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

Source: FEMA (TEEX)