SQL injection is probably the most common and easiest hacking technique out there. Now, don’t think I condone it; I’m just trying to make you aware of some of the techniques used.
Let’s say, for example, the database behind your website runs a query that looks like the following, with the value a visitor supplies placed directly into the query text where @UserID appears:
SELECT * FROM Users WHERE UserID = @UserID -- Some user ID parameter
It is easy to manipulate the query!
How? Well, by entering input the query does not expect, for example:
99 OR 1 = 1
In this case 1 = 1 will always be true, so irrespective of whether or not there is a user with the ID 99, the query will still return all the users.