SQL Injection is a type of cyber attack where malicious SQL code is inserted into a query to manipulate or steal data from a database.

Example of Vulnerable Code:

phpCopyEdit$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";

Preventing SQL Injection (Using Prepared Statements in PHP):

phpCopyEdit$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
$stmt->execute([$username, $password]);

This prevents injection attacks.