When a vulnerability on a database-backed site allows an attacker to query or attack the site’s database using SQL (Structured Query Language), it is known as a SQL injection (SQLi). Often, SQLi attacks are highly rewarded because they can be devastating: attackers can manipulate or extract information or even create an administrator login for themselves in the database.
Databases store information in records and fields contained in a collection of tables. Tables contain one or more columns, and a row in a table represents a record in the database.
Users rely on SQL to create, read, update, and delete records in a ...