SQL injection is a type of attack that can give an adversary complete control over your web application database by inserting arbitrary SQL code into a database query.