SQL Insertion Attack

What
A SQL Insertion Attack occurs when an attacker passes a SQL command as an argument to a function and the program unwittingly executes the SQL command. Even more deadly is when the program passes the value from the command back to the attacker