SQL injection is a code injection technique used by attackers to exploit vulnerabilities in web applications that use SQL databases. By injecting malicious SQL statements, attackers can manipulate the application's database and gain unauthorized access or retrieve sensitive data.