What is SQL Injection?

Updated May 6, 2026

Short answer

SQL injection is a vulnerability in which untrusted input is incorporated into a database query in a way that lets an attacker change the query the application actually executes.

Deep explanation

When untrusted input is concatenated into a query string, the input can change the structure of the SQL rather than just supplying a value, so an attacker can read, modify or delete data the application never intended to expose. Parameterized (prepared) queries prevent this by separating the SQL text from the data values: the query is compiled first and the input is bound afterwards as data, so it can never be interpreted as part of the query logic.

Real-world example

Login bypass using ' OR '1'='1

Common mistakes

  • Concatenating user input into SQL strings.

Follow-up questions

  • How do prepared statements help?
  • What is blind SQL injection?
