Upon review, a security engineer noticed that one of their cloud applications includes a SELECT statement. The engineer has asked the developers of the application to modify the code so that user-supplied input must be validated and attackers are unable to send malicious SQL statements through the application. What type of attack is this engineer trying to prevent?