SQL Injection – Performing and Preventing