SQL injection
termweb devsecurity
Stands for: SQL injection (SQLi)
Injecting database commands through an input that gets concatenated into a query.
SQL injection happens when user input is stitched into SQL as code rather than data, letting an attacker read or alter the database. It is decades old and still common; parameterized queries (prepared statements) close it cleanly.
Also known as: sqli, sql-injection, sql injection