Description and Prevention
What is an SQL Injection?
An SQL injection is an attack against applications that build database queries from untrusted input, such as web form fields or URL parameters, by splicing that input directly into the SQL text. Because the input is interpreted as part of the query rather than as data, an attacker can read, modify or delete data, and in some configurations run commands on the database server or gain administrative control over the system hosting the affected application.
How does it work?
An attacker submits specially crafted text in a web form or request parameter. If the application concatenates that text into its query, a character such as a single quote ends the intended string literal and the rest of the input is executed as SQL. The attacker can then change the query's logic (for example, make a login check always succeed) or append a UNION clause so that the same request returns data from other tables, such as credit card numbers.
How can it be prevented?
Update your database management software regularly. Patching the database server and its client drivers does not fix an injection in the application's own queries, but it closes server-side bugs that an attacker who has already gained query execution could use to go further.
Enforce the principle of least privilege. The account the application connects with should hold only the rights its queries need (for example, SELECT on the tables it reads, no DROP, and no administrative or file-system privileges), so an injected query cannot reach data it was never meant to touch.
Use prepared statements or stored procedures. A prepared (parameterized) statement fixes the SQL text in advance and binds user input as values, so the input is never parsed as SQL. Stored procedures give the same protection only if they take parameters; a procedure that builds dynamic SQL from its arguments is just as injectable.
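The attack described under "How does it work?" and the prepared-statement fix above, side by side as an added example written for this page (not code from the original text). It uses Python's standard-library sqlite3 module against an in-memory database; the table names, rows and attack payloads are constructed for the demonstration:

```python
"""Vulnerable vs. parameterized lookup, demonstrated against an in-memory SQLite
database. Example code added for this page; the tables, rows and payloads below
are constructed for the demonstration and do not come from the original text."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a constructed sample database: a users table the application is
    meant to query, and a cards table it should never expose."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL);
        CREATE TABLE cards (id INTEGER PRIMARY KEY, user_id INTEGER, number TEXT);
        INSERT INTO users (username) VALUES ('alice'), ('bob');
        INSERT INTO cards (user_id, number)
            VALUES (1, '4111111111111111'), (2, '5500000000000004');
        """
    )
    return conn


def lookup_user_vulnerable(conn, username):
    """The pattern the page warns about: user input spliced into the SQL text.
    A quote character in the input ends the string literal, and whatever
    follows it is parsed and executed as SQL."""
    query = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, username):
    """Prepared statement: the SQL text is fixed and the input is bound as a
    parameter, so the driver always treats it as a value, never as SQL."""
    query = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# Constructed attack payloads.
# 1. Closes the literal and appends a UNION that pulls rows from another table;
#    the trailing "--" comments out the closing quote the application appends.
UNION_PAYLOAD = "' UNION SELECT user_id, number FROM cards --"
# 2. Makes the WHERE clause unconditionally true, so every user is returned.
TAUTOLOGY_PAYLOAD = "' OR '1'='1"


def run_demo():
    """Run both payloads through both functions and return the results so the
    difference between concatenation and parameter binding is visible."""
    conn = make_db()
    return {
        # UNION result order is not guaranteed, so sort for comparison.
        "vulnerable_union": sorted(lookup_user_vulnerable(conn, UNION_PAYLOAD)),
        "safe_union": lookup_user_safe(conn, UNION_PAYLOAD),
        "vulnerable_tautology": lookup_user_vulnerable(conn, TAUTOLOGY_PAYLOAD),
        "safe_tautology": lookup_user_safe(conn, TAUTOLOGY_PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(f"{name}: {rows}")
```

Against the vulnerable function, the UNION payload returns the two card numbers and the tautology payload returns every user; the parameterized function returns no rows for either, because it looks for a user whose name is literally the payload string. Two caveats: Python's sqlite3 refuses to run more than one statement per execute() call, so a stacked payload such as `'; DROP TABLE users; --` fails here, but many other drivers and databases do run stacked statements, which is how the deletion and modification the page mentions happen. And in a real DBMS, if the application's account had no SELECT right on the cards table, the UNION step would fail with a permission error even though the injection itself succeeded, which is the point of the least-privilege advice.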