SQL injection is a technique where an attacker inserts malicious SQL code into a query. To prevent it, use parameterized queries or prepared statements, which pass user input to the database as a bound value instead of as part of the SQL text. Here's an example using Python's sqlite3 module:
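import sqlite3
conn = sqlite3.connect('database.db')
cursor = conn.cursor()
# Create the table if it is missing so the query below runs on a fresh database.
cursor.execute("CREATE TABLE IF NOT EXISTS data (name TEXT)")
user_input = "'; DROP TABLE users --"
# The ? placeholder binds user_input as a value; it is never parsed as SQL.
cursor.execute("SELECT * FROM data WHERE name = ?", (user_input,))
print(cursor.fetchall())
conn.close()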
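
The following is an added example, not code from the original page. It checks that the bound input above is stored and matched as plain text, and it goes one step further by covering a case placeholders cannot handle: a sort column is an identifier, so it is checked against an allow-list. The `users` table, the `score` column, the sample rows and all function names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data; the "data" table and "name" column follow the page's query.
SAMPLE_ROWS = [("alice", 3), ("bob", 1), ("'; DROP TABLE users --", 2)]
SORTABLE = {"name", "score"}  # assumed allow-list of sortable columns


def make_db():
    """Build an in-memory database with constructed sample tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY)")
    conn.execute("CREATE TABLE data (name TEXT, score INTEGER)")
    conn.executemany("INSERT INTO data VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def find_by_name(conn, name, order_by="name"):
    """Look up rows by name; the value is bound, the column is allow-listed."""
    # Placeholders bind values only. An identifier such as a sort column
    # cannot be bound, so it is checked against a fixed set instead.
    if order_by not in SORTABLE:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    sql = f"SELECT name, score FROM data WHERE name = ? ORDER BY {order_by}"
    return conn.execute(sql, (name,)).fetchall()


def table_exists(conn, table):
    """Return True if a table with this name is present in the schema."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    conn = make_db()
    user_input = "'; DROP TABLE users --"
    # The bound value is compared as a literal string, never parsed as SQL.
    print(find_by_name(conn, user_input))
    print(table_exists(conn, "users"))
```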