What is a SQL Injection

* SQL statement(s) “injected” into an existing SQL command

* Injection occurs through malformed application input:
- Text box.
- Query string.
- Manipulated values in HTML.

* A good SQL injection attack can cripple and even destroy your database