What is an SQL Injection Attack/Vulnerability?
This FAQ answer was written by k4thryn: A SQL injection vulnerability can occur when a poorly-written program uses user-provided data in a database query without first validating the input. This is most-often found within webpages with dynamic content. There are some excelent tutorials and descriptive articles on this subject, as well as many vulnerability postings for different applications from full-disclosure websites.