SQL injection is a subset of the “code injection” attack method. SQL stands for Structured Query Language and is used by databases to store and retrieve information. Many websites require this capability web developers use a server-side scripting language – often PHP or ASP – to pass user input to a backend database. A very common example of a website using this capability is a site where you need to create a user account and password or one where you provide credit card information.