SQL Injection is a security vulnerability where a web application allows a user to send un-sanitized input into a SQL query.
The textbook example is that a web application has a username field that inserts the user's input into the following SQL query:
statement = "SELECT * FROM users WHERE name = '" + userName + "';"The user then types
a' or '1'='1 into the username field. This creates the following SQL statement:SELECT * FROM users WHERE name = 'a' or '1'='1'If the statement variable is used for the authentication procedure then the evaluation of the SQL statement will always be true.
An attacker can cause damage if they appended something like,
'; DROP TABLE users;--This would produce the following statement:
statement = "SELECT * FROM users WHERE name = ''; DROP TABLE users;--';Which would result in the users table being deleted from the Database.
