SQL Injection (SQLi)

What is a SQL Injection (SQLi) Attack?

SQL Injection (SQLi) is a code injection technique in which attackers insert malicious SQL statements into input fields of a web application, with the goal of manipulating the database.

By exploiting vulnerable SQL queries, attackers can gain unauthorized access to sensitive data, modify or delete records, or even take control of the database.

OWASP ranks this attack among the most common web application vulnerabilities.
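
The following is an added example, not part of the original page: a small Python/sqlite3 login check that puts the vulnerable string-built query next to a parameterized one, so the difference in how input is treated can be observed. The table, accounts, input strings and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample input: the quote ends the string literal early, and the
# rest is parsed as SQL, turning the WHERE clause into an always-true condition.
CRAFTED_PASSWORD = "' OR '1'='1"

def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "s3cret", "admin"),
        ("bob", "hunter2", "user"),
        ("O'Brien", "pw", "user"),
    ])
    return db

def login_vulnerable(db, name, password):
    # Vulnerable: input is pasted into the SQL text, so any quote character
    # in it becomes part of the statement's syntax.
    query = ("SELECT name, role FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchall()

def login_parameterized(db, name, password):
    # Hardened: placeholders send input as bound values; the statement's
    # structure is fixed before the input is ever seen.
    query = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchall()

def demo():
    """Run both login checks on the same inputs and collect the results."""
    db = make_db()
    out = {
        "vulnerable_crafted": login_vulnerable(db, "alice", CRAFTED_PASSWORD),
        "parameterized_crafted": login_parameterized(db, "alice", CRAFTED_PASSWORD),
        "parameterized_apostrophe": login_parameterized(db, "O'Brien", "pw"),
    }
    try:
        # A legitimate name containing an apostrophe breaks the built query.
        login_vulnerable(db, "O'Brien", "pw")
        out["vulnerable_apostrophe_error"] = False
    except sqlite3.OperationalError:
        out["vulnerable_apostrophe_error"] = True
    return out

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

SQL syntax errors triggered by ordinary input such as an apostrophe in a name are a useful signal during code review and log triage that a query is being assembled from raw input.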