Over the past one year, I have been working on PHP and a few other languages and it took me quite some time to actually learn about various types of attacks on web servers and how to avoid them. From then on, I have been helping out others around me and finally decided to write an article on it as well.
So what is code injection or an injection attack? Quoting from Wikipedia:
Code injection is the exploitation of a computer bug that is caused by processing invalid data, which can be used by an attacker to inject code into a computer program to change the course of execution”.
Basically it refers to an unsanitized user input vulnerability, which can be used by a malicious user to run your code in a way it's not intended to. The next question is, why is it necessary to know about them? And the answer is obviously so that your web server/application does not have such vulnerabilities!