“SQL injection or SQLi is a code injection technique that exploits a security vulnerability in some computer software. An injection occurs at the database level of an application (like queries). The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. Using well-designed query language interpreters can prevent SQL injections. In the wild, it has been noted that applications experience, on average, 71 SQLi attempts an hour. When under direct attack, some applications occasionally came under aggressive attacks and at their peak, were attacked 800-1300 times per hour.”
Source: http://en.wikipedia.org/wiki/SQL_injection
—————————
One of the more friendly articles on SQL injection. Will be trying to find more in future.
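The two conditions named in the quoted definition (input not handled for string-literal quote characters, and input that is not strongly typed and gets executed) are shown below next to their parameterized forms. This is an added example, not part of the quoted article; the `users` table, its rows and the function names are constructed for illustration, and both sample inputs are harmless.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "O'Brien")])
    return db

def find_by_name_unsafe(db, name):
    # Vulnerable: the input is pasted inside a string literal, so a quote
    # character in it ends the literal and the remainder is parsed as SQL.
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_by_name_safe(db, name):
    # Bound parameter: the value never becomes part of the statement text.
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def find_by_id_unsafe(db, user_id):
    # Vulnerable: the "number" is an unchecked string, so whatever it
    # contains is evaluated by the SQL interpreter as an expression.
    return db.execute("SELECT name FROM users WHERE id = " + user_id).fetchall()

def find_by_id_safe(db, user_id):
    # Strong typing first (int() raises ValueError on anything that is
    # not an integer), then a bound parameter.
    return db.execute("SELECT name FROM users WHERE id = ?",
                      (int(user_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    try:
        find_by_name_unsafe(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("unsafe name lookup broke the statement:", exc)
    print("safe name lookup:", find_by_name_safe(db, "O'Brien"))
    print("unsafe id lookup evaluated '1+1':", find_by_id_unsafe(db, "1+1"))
    try:
        find_by_id_safe(db, "1+1")
    except ValueError as exc:
        print("safe id lookup rejected input:", exc)
```

A legitimate surname containing an apostrophe is enough to change the structure of the concatenated statement, which is the same defect an injection relies on.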