Query built from user-controlled sources (SQL Injection)

What is SQL Injection?

SQL Injection is a type of cyber attack in which malicious SQL statements are inserted into an input field (or any other user-controlled value that reaches a query) to manipulate a database.

Why Should I Care About SQL Injection?

SQL Injection attacks can have devastating consequences, including unauthorized access to sensitive data, data manipulation and even data deletion, any of which can compromise the entire application.

How to fix SQL Injection:

Common ways to fix SQL injection (SQLi) are prepared statements and input validation. Prepared statements separate SQL logic from data, so user input is bound as a parameter and cannot change the structure of the query. Input validation checks user inputs against expected criteria (type, length, allowed characters) before they are used in SQL queries, rejecting values that do not match.
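The following JDBC example is added here to illustrate the executeQuery pattern and its fix; it is not Mobb's own code. It assumes a hypothetical users table with id, email and username columns, and shows the vulnerable string-concatenated query next to the prepared-statement version, with input validation as defence in depth.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class UserLookup {

    // VULNERABLE: the user-controlled value is concatenated into the SQL string,
    // so the data becomes part of the query text that Statement.executeQuery runs.
    static String findEmailUnsafe(Connection conn, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE username = '" + username + "'";
        try (Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            return rs.next() ? rs.getString("email") : null;
        }
    }

    // FIXED: a prepared statement keeps SQL logic and data separate. The value is
    // bound as a parameter and can never alter the query structure.
    static String findEmailSafe(Connection conn, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("email") : null;
            }
        }
    }

    // Input validation as an additional layer: only accept the expected shape
    // (hypothetical policy: 1-32 characters, letters, digits and underscore).
    static boolean isValidUsername(String username) {
        return username != null && username.matches("[A-Za-z0-9_]{1,32}");
    }

    // Entry point a web handler would call: validate first, then use the safe query.
    static String lookupEmail(Connection conn, String username) throws SQLException {
        if (!isValidUsername(username)) {
            throw new IllegalArgumentException("invalid username");
        }
        return findEmailSafe(conn, username);
    }
}
```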

Issue Pattern: executeQuery

This is how Mobb fixes this issue:
