What is SQL injection?

SQL injection allows a hacker to inject malicious SQL statements by exploiting queries built from improperly sanitized input. It is one of the most common attack vectors and has been used in several famous exploits. For example, let's say we use user-submitted form data to check a user's credentials:

sqlQuery = " SELECT * FROM users WHERE […]
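
The credential check described above, as an added example that is not the original post's code: it puts a query built by string concatenation beside a parameterized one and runs the same inputs through both. The Python/sqlite3 setting, the table layout, the function names and the sample account are all assumptions constructed for illustration, and the plaintext password column is a simplification.

```python
import sqlite3


def make_db():
    """In-memory users table holding one constructed sample account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only to keep the example short; real systems store hashes.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn


def login_concatenated(conn, username, password):
    """Vulnerable form: form data is pasted into the SQL text, so any quote
    character in the input becomes part of the statement's syntax."""
    sql = ("SELECT * FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """Hardened form: the SQL text is fixed and the driver binds the input
    as values, so it can never change the statement's structure."""
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    conn = make_db()
    # Constructed inputs: a valid login, a wrong password, and a password
    # whose quotes rewrite the WHERE clause of the concatenated query.
    cases = [("alice", "correct-horse"), ("alice", "wrong"),
             ("alice", "' OR '1'='1")]
    for user, pw in cases:
        print(repr(pw),
              "concatenated:", login_concatenated(conn, user, pw),
              "parameterized:", login_parameterized(conn, user, pw))
    # A harmless apostrophe in a name breaks the concatenated query outright.
    try:
        login_concatenated(conn, "o'brien", "x")
    except sqlite3.OperationalError as exc:
        print("concatenated query failed to parse:", exc)
    print("parameterized:", login_parameterized(conn, "o'brien", "x"))
```

The apostrophe case is a useful review signal: a query that fails to parse on ordinary input containing a quote is being assembled from strings and should be converted to bound parameters.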