SQL injection is a code injection technique that exploits security vulnerabilities in a website's database layer. It allows attackers to execute malicious SQL statements that can view, modify, or delete database data. Some common threats of SQL injection include spoofing identities, modifying database records, escalating privileges, and disclosing all data on the target system. SQL injection is considered the most prevalent web application security risk.