SQL Injection

One of the greatest security risks and causes of great damage to computerized systems is a hacking technique called SQL injection. By using SQL injection, hackers inject their own malicious code into statements you execute dynamically on your SQL Servers, often from accounts with elevated privileges. An attacker can launch a SQL injection attack when you construct code by concatenating strings. I’ll explain and demonstrate SQL injection techniques by presenting examples of both client-based attacks and server-based attacks. I’ll then explain what measures you can take to block some of the attacks. But bear in mind that sophisticated attackers have very innovative minds; if you construct code that concatenates strings based on user ...
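The T-SQL below is an added illustration, not code from the book: it runs the same lookup once with the input concatenated into the statement text and once with the input passed as a parameter to `sp_executesql`. The `#Users` table, its rows, the variable names and the input value are all constructed for this example.

```sql
SET NOCOUNT ON;

-- Constructed sample data (hypothetical table, not from the book).
CREATE TABLE #Users
(
  username NVARCHAR(30) NOT NULL PRIMARY KEY,
  email    NVARCHAR(60) NOT NULL
);
INSERT INTO #Users (username, email) VALUES (N'alice', N'alice@example.com');
INSERT INTO #Users (username, email) VALUES (N'bob',   N'bob@example.com');

-- Constructed input: meant to be a user name, but it carries a quote,
-- an extra predicate and a comment marker.
DECLARE @input NVARCHAR(100);
SET @input = N'nobody'' OR 1 = 1 --';

DECLARE @sql NVARCHAR(400);

-- 1) Vulnerable: the input is concatenated into the statement text,
--    so the quote inside it ends the literal and the rest is parsed as code.
SET @sql = N'SELECT username, email FROM #Users WHERE username = N'''
         + @input + N''';';
PRINT @sql;   -- inspect the text that will actually be executed
EXEC (@sql);  -- the filter is bypassed: both rows come back

-- 2) Hardened: the statement text is a constant and the input travels
--    as a typed parameter, so it is only ever compared as data.
SET @sql = N'SELECT username, email FROM #Users WHERE username = @name;';
EXEC sp_executesql
  @stmt   = @sql,
  @params = N'@name NVARCHAR(100)',
  @name   = @input;  -- no rows: no user has that literal name

DROP TABLE #Users;
```

The `PRINT` output is the useful review artifact: any dynamic batch whose printed text changes shape with the input, rather than only its parameter values, is concatenating data into code.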
