Providing a malicious sql statment to get executed on the input field. Ex: UserID : 105 or "1=1" Second case will always be true and will leak the data of Users. Dev. can take care by using sql parameters for protection.