A SQL Injection is a type of virus that you type into a user input field that allows access to the database that the field is connected to. If done right a SQL Injection can leave devastation on a computer and site. SQL Injection's can be done in a variety of ways and forms, and they are becoming increasingly dangerous via the web.
Different SQL codes can be used to override SQL database code and gain information.
SELECT user from users where password = 'pass123' OR email = 'firstname.lastname@example.org'