SQL injection is a technique used to gain access to a database through the input boxes where users enter passwords or usernames. The hacker types SQL statements into these boxes; the website executes them, and they update the database that the website is using. To prevent this, every place where a user is able to type in text should be checked to see that the input doesn't include malicious code.
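The login-form case described above, as an added example that is not code from the original page: the same lookup written once by pasting form input into the SQL text and once with the input checked first. The table, the account, the allow-list pattern and the function names are assumptions made for the example, and it goes one step beyond the text by also binding the input as query parameters.

```python
import re
import sqlite3

# Allow-list for the username box (assumed policy for this example).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Plain-text password only to keep the example short; store a hash in practice.
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db


def login_vulnerable(db, name, password):
    """Builds the statement by pasting form input into the SQL text."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0


def login_checked(db, name, password):
    """Checks the input first, then passes it as data, never as SQL text."""
    if not USERNAME_RE.fullmatch(name):
        return False  # reject anything outside the allow-list
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0


# Constructed form input: the quote ends the string literal, so the database
# reads the remainder as part of the statement instead of as a password.
CRAFTED_PASSWORD = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for label, fn in (("vulnerable", login_vulnerable), ("checked", login_checked)):
        print(label, "correct password:", fn(db, "alice", "correct-horse"))
        print(label, "crafted password:", fn(db, "alice", CRAFTED_PASSWORD))
```

The username check alone would not stop the crafted password, since a password box has to accept quotes and punctuation; the `?` placeholders are what keep that value from being executed.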