SQL injection

SQL injection involves an attacker embedding malicious code within a website's SQL statement to illicitly access sensitive database information.

By manipulating input fields to contain malicious SQL commands, attackers can steal, modify data or execute arbitrary commands on the database server.