SQL injection is a code injection technique used to attack data-driven applications: malicious SQL statements are inserted into entry fields and then executed, allowing attackers to dump database contents. It has been a top web application vulnerability for many years. SQL injection can occur when user input is used in SQL queries without validation or encoding. A second-order SQL injection involves storing a malicious SQL statement for later execution, which bypasses validation applied at the time of input. Mitigation techniques include using parameterized statements, validating input, and limiting database permissions.
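The second-order case and the parameterized-statement mitigation described above, as an added example that is not part of the original page. The table layout, function names and sample rows are constructed for illustration, using Python's built-in `sqlite3` module with an in-memory database.

```python
import sqlite3

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Constructed sample rows. Both inserts are parameterized, so nothing is
    # injected at write time; the second username is simply stored as data.
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "admin-pw"), ("admin'--", "guest-pw")])
    return conn

def stored_username(conn, user_id):
    row = conn.execute(
        "SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0]

def change_password_unsafe(conn, user_id, new_pw):
    # Vulnerable: the value read back from the database is treated as trusted
    # and concatenated into the statement text. The stored quote closes the
    # string literal and "--" comments out the rest, so the WHERE clause
    # matches a different row than the one that belongs to user_id.
    name = stored_username(conn, user_id)
    conn.execute(
        f"UPDATE users SET password = '{new_pw}' WHERE username = '{name}'")

def change_password_safe(conn, user_id, new_pw):
    # Hardened: stored data is bound as a parameter, exactly like fresh input,
    # so it is only ever compared as a value and never parsed as SQL.
    name = stored_username(conn, user_id)
    conn.execute(
        "UPDATE users SET password = ? WHERE username = ?", (new_pw, name))

def run(change):
    # User id 2 (the second constructed row) changes their own password.
    conn = make_db()
    change(conn, 2, "changed")
    return dict(conn.execute("SELECT username, password FROM users"))

if __name__ == "__main__":
    print("concatenated :", run(change_password_unsafe))
    print("parameterized:", run(change_password_safe))
```

Input-time validation never sees a problem here because the write itself is safe; the defect is in the later query, which is why every statement needs bound parameters regardless of where its values came from.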