A type of attack where an attacker injects malicious code into an SQL database through user input fields. It is used in database security to prevent unauthorized access and data manipulation. Examples include inserting malicious code into a login form to gain access to the database or inserting code into a search form to retrieve sensitive information.