SQL injection

What is SQL injection

SQL injection is a type of attack in which malicious code is injected into a web application's database query string. This may allow the attacker to execute arbitrary commands on the server side of the application. The threat can be mitigated by using prepared statements instead of placing variables directly in queries.
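
The difference between the two query styles, shown as an added example that is not part of the original page. It uses Python's standard sqlite3 module; the table, the sample rows and all function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",), ("o'brien",)])
    return conn


def find_user_concatenated(conn, name):
    # Vulnerable form: the variable is pasted into the query string, so
    # quote characters in `name` become part of the SQL syntax.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def find_user_prepared(conn, name):
    # Hardened form: the query text is fixed and `name` is bound as a
    # parameter, so it is only ever compared as a string value.
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


def compare(name):
    """Return (concatenated_result, prepared_result) for one input.
    A database error in the concatenated path is reported as 'error'."""
    conn = make_db()
    try:
        unsafe = find_user_concatenated(conn, name)
    except sqlite3.Error:
        unsafe = "error"
    safe = find_user_prepared(conn, name)
    conn.close()
    return unsafe, safe


if __name__ == "__main__":
    # Constructed inputs: a normal name, a legitimate name containing a
    # quote, and a value that rewrites the WHERE clause when concatenated.
    for value in ["bob", "o'brien", "' OR '1'='1"]:
        print(repr(value), compare(value))
```

The concatenated query breaks on a legitimate name that contains a quote and returns every row for the third input, while the prepared statement returns only exact matches in all three cases.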