SQL injection is a type of cyber attack in which an attacker supplies input that the application ends up interpreting as SQL (Structured Query Language), using it to manipulate a database and gain access to potentially valuable information.
It is one of the most prevalent and dangerous classes of attack because it can potentially be used against any web application or website backed by an SQL database.
In standard software practice, an SQL query is essentially a request sent to a database (a structured store of information) asking it to perform some operation, such as retrieving data or executing a statement.
One such example is when login information is submitted via a web form to allow a user access to a site.
Typically, such a form is designed to accept only very specific kinds of data, such as a username and password. When that information is submitted, it is checked against the database; if it matches, the user is granted entry, and if not, they are denied access.
Problems arise when the application builds its SQL query by pasting the submitted text directly into the query string. The database then has no way to tell the user's data apart from the query's own structure, so an attacker can type characters and SQL fragments into the form fields that change what the query does. This can allow a range of nefarious activities, from stealing sensitive data to altering the information in the database for their own ends.
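The login scenario above, written out as an added example (not code from the original article): a lookup that splices the form fields into the SQL text, beside the same lookup done with a parameterized query. The table, the single user row and the credentials are all constructed for this demonstration, and the passwords are stored in plaintext only to keep the example short; a real application would store password hashes.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory SQLite database with one user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password is a simplification for this example only.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting: form input becomes part of the SQL text.

    A quote character in either field ends the string literal early, so whatever
    follows it is parsed as SQL rather than compared as data.
    """
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Parameterized query: the SQL text is fixed and the values travel separately.

    The database driver binds each value to a placeholder, so the input is only
    ever treated as a string to compare against, never as query structure.
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def compare(username, password):
    """Run both versions against the same constructed input and report the outcome."""
    conn = make_db()
    try:
        return {
            "vulnerable": login_vulnerable(conn, username, password),
            "safe": login_safe(conn, username, password),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal login succeeds either way.
    print("valid credentials:   ", compare("alice", "correct-horse"))
    # A wrong password fails either way.
    print("wrong password:      ", compare("alice", "wrong"))
    # A password field containing a quote and an always-true clause: the
    # concatenated version is fooled, the parameterized version is not.
    print("quote in input field:", compare("alice", "' OR '1'='1"))
```

Run as a script, the third line shows the two implementations disagreeing on the same input, which is exactly the defect the article describes: the vulnerable version lets the contents of a form field rewrite the query, while the parameterized version treats the field as an ordinary (and wrong) password.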