its a method to execute our own query in their server. how ? by any kind of input that will possibly used for sql query. for example a login. `SELECT password FROM user WHERE username =` + user_input` as you can see we can put our own sql query inside the user_input. lets say i put `; SELECT "lol" AS password;` in username login box. the query now become `SELECT password FROM user WHERE username =; SELECT "lol" AS password;` the original query will return an error. but the query i just put in will be executed. even though my example harmless query, swl injection can be bad. what if the query used to fetch all the user data ? or delete the database ? nowadays sql-injection is almost the first thing in mind when working with sql, the dev usually sanitize any input that comes from the user if that input could interact with the database. so its almost obsolete