SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input. Injected SQL commands can alter SQL statement and compromise the security of a web application. A SQL injection attack can occur when a web application utilises user-supplied data without proper validation or encoding as part of a command or query.