Cyberkiz

SQL Injection

A code injection attack where malicious SQL statements are inserted into application input fields to manipulate or extract data from the underlying database.

SQL injection (SQLi) exploits vulnerabilities in web applications that fail to properly validate user input. When an attacker enters specially crafted SQL code into a login form, search box, or URL parameter, the application's database may execute unintended commands — revealing customer data, bypassing authentication, or even deleting entire tables. It remains one of the OWASP Top 10 most critical web application risks.