SQL Injection is a technique used to inject SQL commands into an SQL statement. SQL injection attacker user can read and edit sensitive data from the database and can steal information from a database. SQL injection is used to attack any type of SQL database.