Injection occurs when user input is improperly handled and passed to an interpreter as part of a command or query, allowing attackers to execute unintended commands or access data without permission. Common types include SQL, OS command, and NoSQL injection. This usually happens when input is included directly in queries without validation or sanitization. It can lead to data leaks, data loss, or full system compromise. Using parameterized queries, input validation, and secure coding practices is essential to prevent injection and protect application integrity.