
What is SQL Injection?

Definition

SQL injection (SQLi) is an injection attack in which attacker-controlled input (a form field, URL parameter, cookie or HTTP header) is incorporated into a SQL query in a way that changes the query's structure rather than being treated as a plain value. If the application builds the query by concatenating or formatting that input into the SQL text, the attacker can read data they are not authorized to see, modify or delete records, bypass authentication, and, depending on the database and the privileges of the application's account, execute administrative operations.

Why It Matters

Injection has ranked at or near the top of the OWASP Top 10 for more than a decade (first place in the 2010, 2013 and 2017 editions, third in 2021), with SQL injection its best-known form. Prevention is well understood: use parameterized queries (prepared statements), in which the SQL text is fixed and user-supplied values are bound separately by the driver, and never build SQL by concatenating or formatting user input into the query string. ORMs and query builders help because they parameterize by default, but their raw-query escape hatches reintroduce the problem as soon as strings are spliced into them. Parameters bind values only: table and column names, ORDER BY direction and similar identifiers cannot be parameterized and must be checked against an allowlist. Apply least privilege to the database account as well, because one unprotected query can expose every table that account can reach.
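As an added example (not code from the original page), the following shows the vulnerable concatenation beside its parameterized form, a UNION-based read of another column, and the identifier case that parameters cannot cover. It uses Python's standard sqlite3 module with a constructed in-memory users table; the table contents and the function names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data for the example: two users, plaintext passwords
# only so the UNION payload has something visible to read.
SAMPLE_USERS = [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")]

# Identifiers cannot be bound as parameters, so sortable columns are allowlisted.
ALLOWED_SORT_COLUMNS = {"username", "role"}


def make_db():
    """Create an in-memory SQLite database with the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The flaw: input is spliced into the SQL text, so a quote in the input
    closes the string literal and the rest of the input becomes SQL."""
    sql = (
        f"SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """The fix: the SQL text is fixed and the driver binds the values, so
    quotes, comments and keywords in the input are just characters."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def search_users_vulnerable(conn, name_prefix):
    """Same flaw in a search endpoint; a UNION payload turns it into a read
    of any column the application's database account can see."""
    sql = f"SELECT username FROM users WHERE username LIKE '{name_prefix}%'"
    return conn.execute(sql).fetchall()


def search_users_safe(conn, name_prefix):
    """Parameterized search. The wildcard is appended to the bound value,
    not to the SQL text. (Escaping '%' and '_' inside the user's input is a
    separate, non-injection concern and is not handled here.)"""
    sql = "SELECT username FROM users WHERE username LIKE ?"
    return conn.execute(sql, (name_prefix + "%",)).fetchall()


def list_users_sorted(conn, sort_column):
    """A column name cannot be a bound parameter, so the only safe option is
    to reject anything that is not on the allowlist before it touches SQL."""
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    sql = f"SELECT username FROM users ORDER BY {sort_column}"
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = make_db()
    bypass = "' OR '1'='1"
    print("vulnerable login, classic bypass:", login_vulnerable(db, bypass, bypass))
    print("vulnerable login, comment trick:  ", login_vulnerable(db, "alice' --", "wrong"))
    print("safe login, same payloads:        ", login_safe(db, bypass, bypass),
          login_safe(db, "alice' --", "wrong"))
    union = "' UNION SELECT password FROM users --"
    print("vulnerable search, UNION read:    ", search_users_vulnerable(db, union))
    print("safe search, same payload:        ", search_users_safe(db, union))
    print("allowlisted sort:                 ", list_users_sorted(db, "username"))
```

Run it as a script to see both behaviours side by side. The two payloads against the vulnerable login work for different reasons: `' OR '1'='1` makes the WHERE clause true for every row, while `alice' --` uses a SQL comment to discard the password check entirely; the parameterized version returns nothing for either, because the driver never parses the bound values as SQL.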

Related Terms