SQL injection

SQL injection is an attack on a program or site in which malicious code is inserted into pre-existing SQL commands, so that the new malicious code is executed in place of the original command. This type of attack exploits a security vulnerability that is present when user input is either incorrectly filtered for escape characters or is not strongly typed.
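
The two flaws named in the definition, shown beside their fixes. This is an added example, not part of the original page; it uses Python's sqlite3 module, and the table, sample rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("o'brien", "user")])
    return db

def find_by_name_unsafe(db, name):
    # Flaw 1 (escape characters): input is pasted into the SQL text, so a
    # quote in `name` ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_by_name_safe(db, name):
    # Fix: a bound parameter is sent as data and is never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def find_by_id_unsafe(db, user_id):
    # Flaw 2 (not strongly typed): there is no quote to escape here; the
    # problem is that a value meant to be an integer is accepted as any text.
    sql = "SELECT name FROM users WHERE id = " + user_id
    return [row[0] for row in db.execute(sql)]

def find_by_id_safe(db, user_id):
    # Fix: enforce the type (int() raises ValueError otherwise), then bind.
    sql = "SELECT name FROM users WHERE id = ?"
    return [row[0] for row in db.execute(sql, (int(user_id),))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"   # constructed test input
    print("unsafe name lookup:", find_by_name_unsafe(db, crafted))
    print("safe name lookup:  ", find_by_name_safe(db, crafted))
    print("safe, legit quote: ", find_by_name_safe(db, "o'brien"))
    print("unsafe id lookup:  ", find_by_id_unsafe(db, "2 OR 1=1"))
    try:
        find_by_id_safe(db, "2 OR 1=1")
    except ValueError as exc:
        print("safe id lookup rejected input:", exc)
```

The unsafe name lookup also fails on the legitimate name `o'brien` with a syntax error, which is often the first visible sign of this flaw in application logs.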