SQL Injection

A code injection attack that exploits vulnerabilities in database query construction. Attackers insert malicious SQL code through user input fields that are not properly sanitized. Successful SQL injection can read, modify, or delete database data, bypass authentication, or execute system commands. Prevention requires parameterized queries, ORM usage, input validation, and the principle of least privilege for database accounts.