SQL Injection can be pretty vicious, but there are some good practices that will help you prevent anyone using it against you. There's a pretty good explanation about what it is and how you can prevent it here: http://eliacom.com/wpSQLPoisening.php. It also has a pretty funny comic strip from xkcd about the issue.
In a sentence, SQL Injection is when someone puts SQL code into a form on your site, and when it posts to your database, it doesn't post as a value, but it posts as a query or script, which gives the injector the ability to do some pretty messed up stuff.
Hope that helps. If you have any further questions, don't hesitate to ask!
Sapphire Star member
SQL injection refers to the act of someone inserting a MySQL statement to be run on your database without your knowledge. Injection usually occurs when you ask a user for input, like their name, and instead of a name they give you a MySQL statement that you will unknowingly run on your database.