Chapter 97·Intermediate
SQL Injection Explained: The Bug That Still Empties Databases
The core
Your query and the user's data got mixed into one string.
When you build SQL by gluing user input into a query string, the database can't tell your commands from their input — so their input can become commands.