A SQL injection is a security exploit in which an attacker supplies Structured Query Language (SQL), in the form of a request for action via a Web form, directly to a Web application to gain access to back-end database and/or application data. This can cause unintended and malicious behavior by the targeted application. Typically this type of attack is successful due to a Web application’s lack of user input validation, allowing users to supply SQL application code in HTML forms instead of normal text strings, for example.