SQL injection is a code injection technique that exploits security vulnerabilities in an application's software. Attackers can destroy databases, access sensitive data, and take control of back-end database servers by inserting malicious SQL statements into entry fields. Developers must properly sanitize all user-supplied input to prevent SQL injection attacks by removing or escaping any characters that could alter the intended SQL commands.
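The difference between pasting input into a statement and escaping it, as an added example (not from the original page) using Python's `sqlite3` module. The table, rows, function names and the `HOSTILE` input are constructed for illustration, and the bound-parameter variant is an addition the page does not mention.

```python
import sqlite3

HOSTILE = "x' OR '1'='1"   # constructed input containing a quote character

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "alice@example.test"),
        ("bob", "bob@example.test"),
        ("o'brien", "obrien@example.test"),
    ])
    return db

def lookup_concatenated(db, name):
    # Vulnerable: the input becomes part of the statement text, so a quote
    # in `name` ends the string literal and the rest is parsed as SQL.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(sql))

def escape_literal(value):
    # Escaping as the page describes it. In SQLite a single quote inside a
    # string literal is written as two single quotes. Escaping rules are
    # dialect-specific; this function is only correct for SQLite literals.
    return value.replace("'", "''")

def lookup_escaped(db, name):
    sql = "SELECT email FROM users WHERE name = '" + escape_literal(name) + "'"
    return sorted(row[0] for row in db.execute(sql))

def lookup_bound(db, name):
    # Bound parameter: the value is sent separately from the statement text
    # and is never parsed as SQL, so no escaping step can be forgotten.
    cur = db.execute("SELECT email FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in cur)

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concatenated(db, HOSTILE))  # every row
    print("escaped:     ", lookup_escaped(db, HOSTILE))       # no rows
    print("bound:       ", lookup_bound(db, HOSTILE))         # no rows
    print("legit name:  ", lookup_bound(db, "o'brien"))
```

The concatenated form also fails on the legitimate name `o'brien` with a syntax error, which is often the first visible symptom of an injectable query.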