When an attacker can cause malicious SQL code to run by maliciously modifying data used to compose an SQL command.
A type attack involving SQL code being inserted into application queries on database-driven applications to directly manipulate the database. This is a common form of attack used against web based applications.
Where an attacker directly enters SQL commands into an application.
SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.