Code Safari

Chapter 97 · Intermediate

SQL Injection Explained: The Bug That Still Empties Databases


The core

Your query and the user's data got mixed into one string.

When you build SQL by gluing user input into a query string, the database can't tell your commands from their input — so their input can become commands.
