sql injection definition



james438
09-15-2008, 04:57 PM
Is sql injection what happens when you have a user that you do not trust who has access to your database who circumvents the form submission format to hijack a sql statement to make changes to a user's database and/or view sensitive information?

boogyman
09-15-2008, 05:39 PM
Yes and no.

The process of putting in a code to circumvent the safety features is the actual injection. This can be done both with malicious intent (as you said, someone you don't trust) and it can happen by accident (user tries to put in valid information that actually initiates something).

motormichael12
09-16-2008, 04:33 PM
It isn't always by someone with access or accident; it could be that someone sees a field and decides "hmmm I wonder if I can hack their site" or something and then tries entering an attack into the field. Look here: http://en.wikipedia.org/wiki/SQL_injection

boogyman
09-16-2008, 04:37 PM
That's why I said with malicious intent.