A SQL injection attack is procedure often used to attack database backed systems. This procedure is where a hacker injects parts of an SQL Query in a way that forces the database to run his statement, exploiting a security flaw in an application. This is mostly used in a harmful/malicious act, causing the database to export/dump, update, or even completely remove the contents of the database.
Example of a basic SQL string that can be exploited by a SQL injection attack.
Example of a basic SQL injection string:
Which would be ran like this:
As you can see the SQL injection attack is updating a users email address so to gain access to the account.