Malicious users might try to send (inject) modified or additional SQL statements in an effort to gain unauthorized access or damage the database.