• SQL injection is a code injection technique that exploits a vulnerability in how an application builds SQL queries from untrusted input, not a flaw in the database engine itself
  • Attackers place SQL fragments in input strings that the application concatenates into a query and passes on to the SQL server for execution, so the attacker-controlled text is parsed as part of the statement

Insecure Code

  • In the code, the SQL query is formed by concatenating strings that include untrusted user input, so a quote character in that input changes the structure of the query and results in SQL injection

Secure Code

  • In the code, parameterized queries are used: the statement text is fixed and user input is bound to placeholders by the database driver, so it is treated only as data and never parsed as SQL, which prevents SQL injection attacks
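A worked example of the insecure and secure code paths side by side, added here and not part of the original notes. It assumes Python with the standard-library sqlite3 driver and a small constructed users table (neither is specified by the page); the same contrast applies to any database and driver that supports bound parameters.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database (assumed schema, not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user"), ("o'brien", "pw", "user")],
    )
    return conn


def login_insecure(conn, username, password):
    """Insecure: the query text is built by string concatenation, so a quote
    in the input closes the literal and the rest is parsed as SQL."""
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_secure(conn, username, password):
    """Secure: a parameterized query. The statement text is fixed; the driver
    binds the values to the ? placeholders, so they are never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Constructed attack inputs (username, password).
PAYLOADS = {
    # Tautology: turns the WHERE clause into (... AND password='') OR '1'='1',
    # which is true for every row.
    "tautology": ("alice", "' OR '1'='1"),
    # Comment-out: closes the username literal and comments away the password check.
    "comment": ("bob'--", "wrong"),
}


def run_payload(name):
    """Run one payload through both functions; return (insecure_rows, secure_rows)."""
    conn = make_db()
    user, pw = PAYLOADS[name]
    return login_insecure(conn, user, pw), login_secure(conn, user, pw)


def apostrophe_breaks_insecure():
    """Caveat: concatenation also fails on legitimate input containing a quote,
    because the unbalanced quote produces a syntax error."""
    conn = make_db()
    try:
        login_insecure(conn, "o'brien", "pw")
        return False
    except sqlite3.OperationalError:
        return True


def apostrophe_works_secure():
    """The parameterized query handles the same legitimate input correctly."""
    conn = make_db()
    return login_secure(conn, "o'brien", "pw")


if __name__ == "__main__":
    for name in PAYLOADS:
        insecure, secure = run_payload(name)
        print(f"{name}: insecure -> {insecure}, secure -> {secure}")
    print("apostrophe breaks insecure query:", apostrophe_breaks_insecure())
    print("apostrophe via secure query:", apostrophe_works_secure())
```

The tautology payload makes the concatenated query return every user, and the comment payload logs in as bob without a password, while the parameterized version returns no rows for either because the payload is compared as a plain string. The apostrophe case shows that concatenation is also a correctness bug, not only a security one. Note that sqlite3's execute() refuses stacked statements, so a `; DROP TABLE` style payload is not demonstrated here; other drivers may run it.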