SQL injection usually occurs when you ask a user for input, like their username/userid, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database.
It's an old technique in which a hacker executes malicious SQL statements to take over the website. It is considered a high-severity vulnerability, and the latest report by Acunetix shows that 23% of the scanned targets were vulnerable to it.
The SQL injection vulnerability is one of the most dangerous issues for data confidentiality and integrity in web applications and has been listed in the OWASP Top 10 list of the most common and widely exploited vulnerabilities since its inception.
To protect a web site from SQL injection, you can use SQL parameters. SQL parameters are values that are added to an SQL query at execution time, in a controlled manner.
Read more on how to prevent such attacks here: https://www.netsparker.com/blog/web-security/sql-injection-vulnerability/