What does 'SQL injection' involve?

SQL injection involves a code injection technique that manipulates database queries. This vulnerability occurs when an attacker is able to insert or "inject" malicious SQL code into a query that a web application sends to a database. By exploiting weaknesses in the application's input validation, the attacker can alter the intended SQL command, leading to unauthorized access to data, data manipulation, or even the execution of operating system commands on the database server.

In applications where user inputs are not properly sanitized, an attacker can craft inputs that include SQL code, which the database then interprets as part of its query language. This can result in exposure of sensitive data, alteration of data, or deletion of records, making SQL injection a significant threat in web security.

The other options do not accurately represent what SQL injection entails. The method of encrypting data in transit relates to protecting data as it travels across networks, which is unrelated to SQL code manipulation. Temporarily disabling a database does not capture the nature of SQL injection, which is about unauthorized access rather than denial of service. Lastly, monitoring database access pertains to auditing and tracking activities in a database, which does not involve code manipulation or exploitation.
