What is a Structured Query Language (SQL) injection hack?

SQL injection is a code injection technique that might destroy your database. In essence, an attacker inserts code where the application expects ordinary input. For example, your website asks for a username and password to check against your database for that user. Instead of a username, a hacker types malicious code and gets back all the usernames and passwords in your database. Now they have access to all your clients’ accounts!

The most important mitigation for SQL injection is the sanitization and validation of data being input into the database. Sanitization is simply a way of turning the input data into a text string that is treated as an object to be placed in a database, so the input cannot be used as executable code. Validation is where the data is tested to see if it conforms to the expected format. For example, a phone number input by the user should not contain letters or unknown characters. With these methods in place, injected code is not allowed to execute and return unexpected results to an unauthorized user.
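
The two defences described above, shown side by side in an added example that is not part of the original page: a lookup that pastes input into the SQL text, the same lookup with the input bound as a value, and a phone-number format check. It uses Python's standard `sqlite3` module; the table, sample rows, function names and the phone pattern are assumptions made for the illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: an in-memory table standing in for the site's user database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT, phone TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "5550100"), ("bob", "hash-b", "5550101")],
    )
    return db

def lookup_unsafe(db, username):
    # Vulnerable: the input is pasted into the SQL text, so quote characters
    # in it change the structure of the query itself.
    query = "SELECT username, password_hash FROM users WHERE username = '" + username + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, username):
    # Bound parameter: the driver passes the input as a value, never as SQL.
    query = "SELECT username, password_hash FROM users WHERE username = ?"
    return db.execute(query, (username,)).fetchall()

# Assumed expected format: 7 to 15 digits with an optional leading "+".
PHONE_RE = re.compile(r"\+?[0-9]{7,15}")

def update_phone(db, username, phone):
    # Validation: reject anything outside the expected format before it
    # reaches the database, then still bind it as a parameter.
    if not PHONE_RE.fullmatch(phone):
        raise ValueError("phone number has unexpected characters")
    cur = db.execute("UPDATE users SET phone = ? WHERE username = ?", (phone, username))
    return cur.rowcount

if __name__ == "__main__":
    db = make_db()
    hostile = "nobody' OR '1'='1"        # constructed input containing SQL syntax
    print(lookup_unsafe(db, hostile))    # every row in the table comes back
    print(lookup_safe(db, hostile))      # no user has that literal name
    print(update_phone(db, "alice", "+15550123"))
```

Validation narrows what is accepted, but the bound parameter is what keeps the input from being executed, so the update uses both.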
