SQL Injection: Describe what it is with examples

SQL injection is a code injection technique that attackers use to exploit vulnerabilities in a web application’s database layer. This vulnerability is often present when user input that ends up in string literals within SQL statements is incorrectly filtered, or when user input is not strongly typed and is unexpectedly executed as SQL commands.

The technique allows an attacker to manipulate SQL queries that an application makes to its database, enabling the attacker to view, alter, or delete data that they are not normally authorized to access.
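
The two causes named above (input spliced into a string literal, and input that is not strongly typed) are shown here next to their hardened forms. This is an added example, not part of the original article; it uses Python's sqlite3 with a constructed `accounts` table, and all function names and data are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts (owner, balance) VALUES (?, ?)",
                   [("alice", 120), ("bob", 75), ("carol", 310)])
    return db

def by_owner_concat(db, owner):
    # Vulnerable: input is pasted inside a string literal, so a quote in
    # `owner` closes the literal and the remainder is parsed as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def by_owner_bound(db, owner):
    # Hardened: the value is bound to a placeholder and never becomes SQL text.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

def by_id_concat(db, account_id):
    # Vulnerable: no quotes involved; the value is simply never typed.
    sql = "SELECT owner, balance FROM accounts WHERE id = " + account_id
    return db.execute(sql).fetchall()

def by_id_bound(db, account_id):
    # Hardened: enforce the expected type (int() raises ValueError on
    # anything but an integer), then bind the result.
    sql = "SELECT owner, balance FROM accounts WHERE id = ?"
    return db.execute(sql, (int(account_id),)).fetchall()

# Constructed inputs that change the query's logic when concatenated.
CRAFTED_OWNER = "alice' OR '1'='1"
CRAFTED_ID = "1 OR 1=1"

if __name__ == "__main__":
    db = make_db()
    print("concat owner:", by_owner_concat(db, CRAFTED_OWNER))  # every row
    print("bound owner: ", by_owner_bound(db, CRAFTED_OWNER))   # no row
    print("concat id:   ", by_id_concat(db, CRAFTED_ID))        # every row
    try:
        by_id_bound(db, CRAFTED_ID)
    except ValueError as exc:
        print("bound id rejected:", exc)
```

The concatenated queries return rows the caller did not ask for; the bound queries treat the same input as a plain value or reject it outright.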