Explain It Like I’m 5: What is SQL Injection?

It’s mutton time!

One fine Sunday morning, your beloved mother says to you: “Son, could you be a darling and run to the supermarket to get some eggs?”

“Ok Mom!” you reply, and off to the supermarket you go.

Halfway there, you spot your Mom and she comes over to you a little awkwardly.

“Son, I’ve changed my mind,” she says in a weird-sounding voice.

“Forget the eggs, get some baby diapers instead,” and as quickly as she appeared, she disappears.

So, this all sounds a little weird to you. Why would Mother ask me to get diapers? There isn’t a baby in the house! In fact, Mom looks kinda weird too. She’s not her usual self.

Something seems a little off, but you don’t question the wisdom of your mother, and you happily get the diapers and return home.

Upon reaching home, your Mother looks at you and wonders: “Son, where are the eggs? And why on earth did you buy baby diapers?”

This is exactly what an SQL injection does: it takes the original instructions given by the computer, intercepts them, and slips in new instructions of its own. If it’s a malicious SQL injection, the mysterious person masquerading as your Mom might even have told you to buy the eggs and then smash them. But as my friend eloquently put it: SQL injections are by definition not malicious, but anecdotally, they almost always are.
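The shopping-list story in code, as an added example that is not part of the original post: a made-up SQLite table of who wants what, one lookup that pastes the caller's text straight into the instruction, and the same lookup done with a parameterised query so the instruction cannot be changed from the outside. The odd-looking input plays the part of the stranger's "get diapers instead"; all names and data are constructed for this illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory shopping list; the rows are made up for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE shopping_list (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)"
    )
    conn.executemany(
        "INSERT INTO shopping_list (owner, item) VALUES (?, ?)",
        [("mom", "eggs"), ("dad", "milk"), ("neighbour", "diapers")],
    )
    return conn


def items_for_unsafe(conn, owner):
    """Builds the instruction by gluing the caller's text into the SQL string.

    Whatever the caller types becomes part of the instruction itself, so a
    quote character in the input can end the intended comparison and start
    a new one, just as the stranger rewrote Mom's errand halfway there.
    """
    sql = "SELECT item FROM shopping_list WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def items_for_safe(conn, owner):
    """Parameterised query: the SQL structure is fixed before any input arrives.

    The driver hands the value to the database separately, so the input is
    always treated as data to compare against, never as a new instruction.
    """
    sql = "SELECT item FROM shopping_list WHERE owner = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (owner,))]


def compare(owner):
    """Runs both lookups on a fresh table and returns their results side by side."""
    return {
        "unsafe": items_for_unsafe(make_db(), owner),
        "safe": items_for_safe(make_db(), owner),
    }


if __name__ == "__main__":
    print("honest errand:", compare("mom"))
    # The altered errand: a quote closes the comparison and adds an always-true clause.
    print("altered errand:", compare("x' OR '1'='1"))
```

With the honest input both versions return only Mom's eggs; with the altered input the glued-together version hands over every row, while the parameterised version finds no owner by that name and returns nothing.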

