What is SQL Injection?


SQL Injection is the process in which an end user is able to 'inject' SQL commands into an input and have them execute on the server. This typically happens on badly coded websites where inputs are not escaped before being placed in SQL queries. Depending on the type of query initially used and the injected term, it is possible to manipulate an application into either providing administrative access or removing user data.
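The difference between a query built from unescaped input and a parameterized one, as an added example that is not part of the original page. It uses Python's built-in `sqlite3`; the `users` table, the function names and the sample accounts are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, is_admin INTEGER)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "s3cret-admin", 1), ("alice", "alice-pw", 0)],
    )
    return db


def login_unsafe(db, name, password):
    """Vulnerable: user input is concatenated straight into the SQL text."""
    query = (
        "SELECT name, is_admin FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return db.execute(query).fetchone()


def login_safe(db, name, password):
    """Hardened: placeholders keep the input as data, never as SQL syntax."""
    query = "SELECT name, is_admin FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone()


# Constructed input: the leading quote closes the string literal, and the
# OR clause that follows makes the WHERE condition true for every row.
INJECTED = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # The concatenated query returns a row although the password is wrong.
    print("unsafe:", login_unsafe(db, "admin", INJECTED))
    # The parameterized query compares the whole string as a password.
    print("safe:  ", login_safe(db, "admin", INJECTED))
    print("valid: ", login_safe(db, "alice", "alice-pw"))
```

The parameterized form is the fix to prefer over manual escaping, because the database driver never parses the input as part of the statement.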

Types of attack

While the injection method is typically the same, attacks can lead to drastically different results depending on the intended target. These are discussed below: