What a SQL injection is: An attack against a database-driven Web site in which the hacker executes unauthorized SQL commands by taking advantage of insecure code on systems connected to the Internet. SQL injections (and other injection flaws) are the second-most common Web application security vulnerability, according to the Open Web Application Security Project.