A type of attack that exploits errors in the data processing of a program to enable the insertion of malicious code. A very popular form of code injection on the World Wide Web is SQL injection, which involves inserting SQL queries in user data that are sent to the database (e.g. in an authentication form). See also cross-site scripting.