Put simply, an SQL injection attack is an attempt to pass malicious code or other data to an underlying SQL RDBMS. Typically this is made possible by code that blindly places user input into SQL statements.