SQL injection happens when you interpolate some content into an SQL query string and the content modifies the syntax of your query in ways you didn’t intend. In the classic example of SQL Injection, the value you interpolate into your string finishes the SQL statement and executes a second complete statement. For instance, if the value of the $bug_id variable is 1234; DELETE FROM Bugs, the resulting SQL shown earlier would look like this:
SELECT * FROM Bugs WHERE bug_id = 1234; DELETE FROM Bugs
This type of SQL Injection can be spectacular.
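The case described above, shown as an added example that is not code from the original text: the same value is first interpolated into the query string and then passed as a bound parameter. It assumes Python's sqlite3 module, a constructed in-memory Bugs table with a hypothetical summary column, and executescript() standing in for any database API that accepts more than one statement per call.

```python
import sqlite3

# The value used in the text above.
PAGE_VALUE = "1234; DELETE FROM Bugs"


def make_db():
    """Constructed sample data: an in-memory Bugs table with three rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Bugs (bug_id INTEGER PRIMARY KEY, summary TEXT)")
    conn.executemany(
        "INSERT INTO Bugs VALUES (?, ?)",
        [(1234, "crash on save"), (1235, "typo"), (1236, "slow login")],
    )
    conn.commit()
    return conn


def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM Bugs").fetchone()[0]


def build_interpolated(bug_id):
    # Vulnerable: the value is pasted into the SQL text, so it can add syntax.
    return f"SELECT * FROM Bugs WHERE bug_id = {bug_id}"


def run_interpolated(conn, bug_id):
    # Assumption: executescript() models a multi-statement query API.
    conn.executescript(build_interpolated(bug_id))
    return row_count(conn)


def run_parameterized(conn, bug_id):
    # Hardened: the SQL text is fixed; the value travels separately as data
    # and is only ever compared against bug_id.
    rows = conn.execute(
        "SELECT * FROM Bugs WHERE bug_id = ?", (bug_id,)
    ).fetchall()
    return rows, row_count(conn)


if __name__ == "__main__":
    print(build_interpolated(PAGE_VALUE))
    print("rows left after interpolated query:", run_interpolated(make_db(), PAGE_VALUE))
    rows, left = run_parameterized(make_db(), PAGE_VALUE)
    print("parameterized query matched:", rows, "rows left:", left)
```

With the bound parameter the whole value is treated as one non-matching bug_id, so the query returns no rows and the table is unchanged.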
Usually these ...