Injection usually occurs when you ask a user input,like their name and instead of a name given you a mysql statement that you will unknowingly run on your database.
For Examples
$name=”mydoubts.in’;Delete from users;”;
mysql_query(“Select * from useres where name='{$name}'”);
if you use mysql,the mysql_query() function does not permit query stacking,or executing multiple queries in a single function call.if you try to stack queries , the call fails
However ,other php database extension such as SQLite and PostgreSQL will perform stacked queries,executing all of the queries provided in one string and creating serious security prblmes.