What is SQL injection?

Injecting SQL into running memory
Injecting SQL into an application input which is then used to build a SQL Select statement
Injecting random values into an input field hoping the server returns data back
Injecting SQL into running JavaScript

1 answer

SQL injection is best described by the following definition:

Injecting SQL into an application input which is then used to build a SQL Select statement.

SQL injection is a type of security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. By inserting or "injecting" malicious SQL code through user input fields (like form inputs or URL parameters), an attacker can manipulate the application's queries to gain unauthorized access, modify data, or execute arbitrary SQL commands.

This is typically due to improper handling of user input, where input is not properly sanitized or parameterized, allowing an attacker to craft input that alters the intended SQL command.
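
The difference between building a SELECT statement from input and parameterizing it, as an added example that is not part of the original answer. The `users` table, its rows, the function names and the input values are constructed for illustration, and Python's built-in `sqlite3` module stands in for the application's database.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_concatenated(conn, name):
    # Vulnerable: the input becomes part of the SQL text itself,
    # so quote characters in it can change the WHERE clause.
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    # Hardened: the SQL text is fixed and the input is bound as a value,
    # so it is only ever compared against the name column.
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def compare(name):
    # Run the same input through both lookups on a fresh database.
    conn = make_db()
    try:
        return lookup_concatenated(conn, name), lookup_parameterized(conn, name)
    finally:
        conn.close()


if __name__ == "__main__":
    for value in ("alice", "x' OR '1'='1"):
        unsafe, safe = compare(value)
        print(f"{value!r}: concatenated={len(unsafe)} rows, "
              f"parameterized={len(safe)} rows")
```

With the ordinary input both lookups return the single matching row. With the input containing quotes, the concatenated query returns every row in the table while the parameterized query returns none.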