SQL injection attacks allow a malicious individual to execute arbitrary SQL code on your server. The attack is issued by including a string delimiter (') in an input field and following it with SQL instructions. If the server does not properly validate input, the instructions may be executed against the database.
For more, see the article SQL Injection Attacks on Databases
elsewhere on this site.