A SQL injection is a type of injection attack that uses an input from the client to insert a SQL query.
Essentially, hackers will inject SQL into a form they think will be sent to the server. Their hope is that the when the data from the input enters the database, the SQL query will either destroy the database or it will extract data from it.