SQL Injection

SQL injection is an attack on applications that build database queries (SQL statements) from user-supplied data ("input data"). The attacker types a crafted string into an input field, such as a login form or a URL parameter. When the application pastes that string into a query, the string is run as part of the SQL command itself, for example to bypass a login check or to dump the contents of the database to the attacker. SQL injection only works when the application's code has a security flaw: it mixes untrusted input into the text of the query instead of passing the input to the database separately, as a parameter.
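The following is an added example, not code from the original page or from any real application. It uses an in-memory SQLite database with a constructed `users` table to show a vulnerable login check that pastes input into the SQL text, the injected strings that bypass it or dump the whole table, and the safe version that passes the same input as query parameters.

```python
import sqlite3


def make_db():
    """Build a constructed sample database (not real data) with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, password, role) VALUES (?, ?, ?)",
        [("alice", "wonderland", "admin"), ("bob", "builder", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """The flaw: untrusted input is concatenated into the SQL text.

    Whatever the attacker types becomes part of the command, so quotes,
    'OR' clauses, UNION selects and '--' comments all change the query's logic.
    """
    query = (
        f"SELECT name, role FROM users "
        f"WHERE name = '{name}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, name, password):
    """The fix: the SQL text is fixed and the input is bound as parameters.

    The database driver sends the values separately from the statement, so
    an input such as "' OR 1=1 --" is compared literally against the name
    column and never interpreted as SQL.
    """
    query = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchall()


def demo():
    conn = make_db()
    # Normal use: both versions behave the same for an honest user.
    normal = login_vulnerable(conn, "alice", "wonderland")
    # Login bypass: the '--' comments out the password check,
    # and 'OR 1=1' makes the WHERE clause true for every row.
    bypass = login_vulnerable(conn, "' OR 1=1 --", "anything")
    # Data dump: a UNION appends another SELECT with the same column count,
    # so the password column is returned in place of the role column.
    dump = login_vulnerable(conn, "' UNION SELECT name, password FROM users --", "x")
    # The parameterized query treats the same attacker string as a plain name.
    safe = login_safe(conn, "' OR 1=1 --", "anything")
    return normal, bypass, dump, safe


if __name__ == "__main__":
    for label, rows in zip(("normal", "bypass", "dump", "safe"), demo()):
        print(f"{label}: {rows}")
```

The bypass and dump strings work because SQLite, like most SQL engines, treats `--` as a comment to the end of the line; the exact comment syntax and quoting rules vary by database, but the underlying flaw (building the query from untrusted text) and the fix (bound parameters) are the same everywhere.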