SQL injection is a technique often used to attack databases through a website. The attacker injects SQL statements into a web form. The main cause of this vulnerability is that the application does not check the input entered by the user. If a user enters an SQL statement in a web form instead of a plain text value, and the website executes it, the result can be serious damage, including theft of sensitive information such as credit card numbers and passwords.
It is possible to stop such attacks, and one common way is to validate user input. If we restrict special characters such as ' - " ! < >, such injection becomes more difficult.
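The cause and the validation step described above, as an added example that is not part of the original page. The table, the sample rows, the function names and the crafted input are all constructed for illustration, with Python's built-in sqlite3 standing in for the site's database.

```python
import sqlite3

# Characters the text proposes restricting: ' - " ! < >
FORBIDDEN = set("'-\"!<>")

def make_db():
    """Build a constructed in-memory table standing in for a site's user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, card TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "card-A"), ("bob", "card-B")])
    return db

def lookup_unchecked(db, name):
    """The flaw described above: form input is pasted into the SQL text."""
    sql = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def validate(name):
    """Reject empty input and input containing any restricted character."""
    bad = sorted(FORBIDDEN.intersection(name))
    if not name or bad:
        raise ValueError(f"rejected input, restricted characters: {bad}")
    return name

def lookup_validated(db, name):
    """Same query, but the input is checked before it reaches the database.
    The query is still built by concatenation so the effect of validation
    alone is visible."""
    return lookup_unchecked(db, validate(name))

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed form input that carries SQL
    print(lookup_unchecked(db, "alice"))  # the one matching row
    print(lookup_unchecked(db, crafted))  # every row: the input became SQL
    try:
        lookup_validated(db, crafted)
    except ValueError as err:
        print(err)                        # rejected before any query runs
```

Character filtering narrows what reaches the query, but the query text is still assembled from user input; sqlite3 also accepts bound parameters (`?` placeholders, as in `make_db`), which keep the input out of the SQL text entirely.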