Whats the difference between SQL injections and cross site scripting?

SQL injection is a type of attack on your database through poorly-coded forms or post/get parameters. It basically means an attacker can run SQL directly into your database, allowing them to read or write at will.

Cross-site scripting is a technique used to inject code into the client web browser, allowing an attacker to intercept the data the user is sending or receiving.