What is SQL Injection and How Does it Work

SQL Injection is a web hacking technique of inserting SQL commands in user-supplied data fields of web applications and submitting them for execution by the database server.

To perform a SQL injection attack, an attacker inserts malicious SQL code, most often a database query, into a string that’s eventually executed by the database through a web application (e.g. a login form).