An SQL Injection is a security breach, one made famous by the Exploits of
xkcd comic episode in which we read about
little Bobby Tables:
PostgreSQL implements a protocol level facility to send the static SQL query text separately from its dynamic arguments. An SQL injection happens when the database server is mistakenly led to consider a dynamic argument of a query as part of the query text. Sending those parts as separate entities over the protocol means that SQL injection is no longer possible.