SQL injection is probably the most common and easiest hacking technique out there. Now, don't think I condone it, I'm just trying to make you aware of some of the techniques used.
Let's say for example your database on a website runs a query that looks like the following:
SELECT * FROM Users WHERE UserId = @UserID //UserID based on input
By entering the following into the userid field on the webpage
99; DROP TABLE Products;
will change the above query to
SELECT * FROM Users WHERE UserId = 105; DROP TABLE Products;
This will return a userid with the ID of 99, as well as delete the table Products. This is because you have sent a batch statement that is a group of statements.
Visit the DevX Tip Bank
