A form of attack on database-driven applications and web-sites. An attacker executes unauthorized SQL commands by putting them in what was supposed to be a name or an address (or similar) so that an unprotected database system will get confused and execute the malicious instructions. SQL injection attacks are used to steal information from a database, to destroy databases, and/or to gain access to an organization’s host computers through the computer that is hosting the database.