SQL Injection is a type of injection attack. An attacker can use it to make a web application process and execute injected SQL statements as part of an existing SQL query.
The user will use sql queries in the input area to hack the website.
Consider a website have login page with input user name and password. In the backend code we have created the query dynamically combining the inputs. In this situation, If user try to give sql queries in the input box, there is a chance the query will be executed. If it happened, then user have the control to manage our database.