SQL injection is a type of cyber attack where an attacker inserts malicious code into a web application's database query. This can happen when user input is not properly validated, allowing the attacker to manipulate the database. For example, if a login form accepts a username and password, an attacker might enter a specially crafted input to bypass authentication and gain unauthorized access. The consequences of SQL injection can be severe, including data theft, data loss, or even complete control over the affected database. To protect against this vulnerability, developers should use secure coding practices, such as parameterized queries and input validation, to ensure that user inputs are handled safely.