Lab 7

Explain how a SQL Injection attack works and what can be done to defend against such an attack.

A SQL injection attack occurs when user-supplied input is inserted into a SQL statement so that it is interpreted as SQL code, manipulating the database into returning information that was not intended to be displayed.
This information may include any number of items, including sensitive company data, user lists or private customer details.

Ways to prevent a SQL injection attack:
1. Input validation: writing code that can identify illegitimate user inputs. This is not a foolproof solution but is a first step.
2. Command parameters: command parameters are defined by adding placeholder names in SQL commands, which are later replaced by the user input; the input is bound as data rather than parsed as part of the SQL statement.
3. Avoid administrator privileges: connect the application to the database with an account that has only the rights it needs, so that an injected statement cannot do more than the application itself is allowed to do.
4. Encrypt sensitive data: passwords, security questions and answers, financial data, health information, and other information that you do not want to be exposed.
5. Do not store sensitive data if you do not need it.
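Added example (not part of the lab text) showing defences 1 and 2 side by side: the same login query built by string concatenation and with bound command parameters, plus an allow-list validator. It uses a constructed in-memory SQLite table with hypothetical users; the table, names and functions are assumptions for the demonstration.

```python
import re
import sqlite3

# Constructed sample data; passwords are plaintext only to keep the demo short.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> int:
    """String concatenation: the input becomes part of the SQL grammar,
    so quotes and operators in the input change the query's logic."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0]

def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> int:
    """Command parameters: the '?' placeholders are bound after the statement
    is parsed, so the input is compared as a literal value, never run as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0]

# Defence 1: an allow-list for the username field (letters, digits, underscore).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def is_valid_username(username: str) -> bool:
    """Reject input that does not match the expected shape before it reaches SQL."""
    return USERNAME_RE.fullmatch(username) is not None

if __name__ == "__main__":
    conn = make_db()
    # Classic tautology input: quotes close the literal and add an always-true clause.
    injected = "' OR '1'='1"
    print(login_vulnerable(conn, "alice", "s3cret"))        # 1: legitimate login
    print(login_vulnerable(conn, "nobody", injected))       # 2: every row matches
    print(login_parameterized(conn, "nobody", injected))    # 0: treated as data
    print(is_valid_username(injected))                      # False: rejected early
```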