A function call injection attack consists of an insertion of a function name parameter from code running on the client-side to the application meaning that a successful injection can execute any built-in or user definted function. With databases, this term is also used to describe the injection of database functions in to vulnerable SQL statements.