SQL injection is a security vulnerability where attackers insert malicious SQL code into queries through user input. If user input is concatenated into a query instead of being validated and passed as a parameter, the database may execute the injected SQL, exposing or modifying sensitive data. SQL injection is one of the most common and dangerous web vulnerabilities.
Why it matters
SQL injection can lead to data breaches, data loss, unauthorized access, or full system compromise. Preventing SQL injection requires input validation, parameterized queries (prepared statements), and careful use of database APIs.
Examples
Entering ' OR 1=1 -- into a login form to bypass authentication. Lessons like SQL Injection discuss prevention.