a sql injection attack is an attack that is aimed at subverting the original intent of the application by submitting attacker-supplied sql statements directly to the backended database.