SQL injection is a type of injection attack that executes malicious SQL statements and controls the database server behind a web application.
These attacks mostly take place on web pages developed using ASP.NET or PHP.
These attacks can be carried out with the following intentions:
To execute queries that the application does not allow.
To change the content of the database.
To dump the entire database of the system.
The only way to prevent SQL injection attacks is input validation and parameterized queries, including prepared statements. Application code should never use the input directly.
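
The difference between using input directly and binding it as a parameter, shown as an added example that is not part of the original page. It uses Python's sqlite3 module with an in-memory database rather than ASP.NET or PHP so that it runs anywhere; the table, the sample rows and the username policy are assumptions made for the example.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption for this example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "alice@example.test"),
        ("bob", "bob@example.test"),
        ("carol", "carol@example.test"),
    ])
    return conn

def find_user_unsafe(conn, name):
    # VULNERABLE: the input is concatenated into the statement text,
    # so the database parses it as part of the SQL.
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def find_user_parameterized(conn, name):
    # The statement text is fixed; the driver binds the value separately,
    # so the input is only ever compared as data.
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()

# Assumed username policy for this example: 1-32 letters, digits or underscores.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def find_user_validated(conn, name):
    # Input validation first, then the parameterized query.
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid username")
    return find_user_parameterized(conn, name)

if __name__ == "__main__":
    conn = make_db()
    crafted = "' OR '1'='1"  # constructed input containing SQL syntax
    print("unsafe, normal input: ", find_user_unsafe(conn, "alice"))
    print("unsafe, crafted input:", find_user_unsafe(conn, crafted))
    print("parameterized:        ", find_user_parameterized(conn, crafted))
    try:
        find_user_validated(conn, crafted)
    except ValueError as exc:
        print("validated:            ", exc)
```

With the crafted input, the concatenated query returns every row, the parameterized query returns none, and the validated lookup rejects the input before any query runs.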