SQL injection is a security vulnerability that allows an attacker to intercept data-base communication. It generally allows an attacker to view data that sits in the database. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or the behavior of a website. An attacker can escalate an SQL injection attack to compromise the underlying server or perform a DDos attack. Validation and sanitizing data coming from and sent to a database and parameterized queries, including prepared statements, are typical measures to prevent SQL-attacks. Another way to detect and prevent SQL Injections is to use an automated SQL Injection scanner.
