At present time websites are mainly powered by databases. These databases are responsible for storing all the information with which we interact on a daily basis. And all these data are stored as SQL queries because they are responsible to collect and store information in database.
SQL injection is a code injection technique that exploits the non-validation of the data entry forms to insert SQL code and thus adversely affect the data in the database. The following infographic describes how to avoid this vulnerability and solutions for a complete security.
I had this problem before, some hackers managed to inject files, codes, scripts and forms via wordpress. Usually they inject phishing sites of some banks to fool unknown customers into giving up their account. gaining access to many account, transfer from one account to anther, thus confusing the money trail.