SQL Injection is a web security vulnerability that allows attackers to interfere with SQL queries made by an application. This can lead to unauthorised access to data, or to the modification or deletion of information within a database.
Common Types of SQL Injection Attacks:
- Retrieving hidden data
- Modifying application logic
- UNION attacks to combine results from different tables
- Blind SQL injection, where the results of the query are not returned in the application's responses
Preventing SQL injection involves using parameterised queries and prepared statements instead of directly concatenating user input into SQL commands. This approach helps safeguard against malicious input that could alter query execution.
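
The difference between concatenation and a parameterised query, as an added example (not code from the original page). It uses Python's built-in sqlite3 module; the products table, its rows, the function names and the sample inputs are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory catalogue: two released rows and one hidden row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("Mug", "Gifts", 1), ("Card", "Gifts", 1), ("Prototype", "Lab", 0)],
    )
    return db


def find_concatenated(db, category):
    # Weak form: the input is pasted into the SQL text, so any quote
    # characters in it are parsed as SQL syntax rather than as data.
    sql = ("SELECT name FROM products WHERE category = '"
           + category + "' AND released = 1")
    return sorted(row[0] for row in db.execute(sql))


def find_parameterised(db, category):
    # Corrected form: the statement text is fixed and the driver binds
    # the input as a single value for the ? placeholder.
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return sorted(row[0] for row in db.execute(sql, (category,)))


# Constructed inputs: an ordinary value, and one that changes the query's
# structure when it is concatenated into the statement.
NORMAL = "Gifts"
CRAFTED = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    for label, value in (("normal", NORMAL), ("crafted", CRAFTED)):
        print(label, "concatenated: ", find_concatenated(db, value))
        print(label, "parameterised:", find_parameterised(db, value))
```

With the ordinary input both functions return the same released rows. With the crafted input the concatenated query also returns the hidden row, while the parameterised query treats the whole string as a category name and matches nothing.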
