What is SQL Injection (SQLi)? SQL Injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data they are not normally able to retrieve. How Does it Work? (The Logic) Imagine a login form where you enter your username. The database query looks like this: SELECT * FROM users WHERE username = 'YOUR_NAME' AND password = 'YOUR_PASSWORD' If the website is vulnerable, an attacker can enter ' OR 1=1 -- in the username field. The query becomes: SELECT * FROM users WHERE username = '' OR 1=1 --' AND password = '...' Since 1=1 is always true, the database grants access without a valid password! Types of SQL Injection In-band SQLi (Classic): The attacker uses the same communication channel to launch the attack and gather results. Error-based: Forcing the database to produce an error message. Union-based: Using the UNION SQL operat...