What is SQL Injection?
Here's how the OWASP FAQ introduces SQL Injection:
"SQL Injection is a technique by which attackers can execute SQL statements of their choice on the backend database by manipulating the input to the application.
Let's understand SQL Injection through the example of a login page in a web application where the database is SQL Server. The user needs to input Username and Password in the text boxes in Login.asp page. Suppose the user enters the following: Username: Obelix and Password: Dogmatix. This input is then used to build a query dynamically which would be something like: SELECT * FROM Users WHERE username= 'Obelix' and password='Dogmatix' This query would return to the application a row from the database with the given values. The user is considered authenticated if the database returns one or more rows to the application.
Now, suppose an attacker enters the following input in the login page: Username: ' or 1=1-- The query built will look like this: SELECT * FROM Users WHERE username= or 1=1-- and password= -- in SQL Server is used to comment out the rest of the line. So, our query is now effectively: SELECT * FROM Users WHERE username= or 1=1. This query will look in the database for a row where either username is blank or the condition 1=1 is met. Since the latter always evaluates to true, the query will return all rows of the Users table and the user is authenticated. The attacker has been successful in logging into the application without a username and password."