SQL injection

term

web devsecurity

Stands for: SQL injection (SQLi)

Injecting database commands through an input that gets concatenated into a query.

SQL injection happens when user input is stitched into SQL as code rather than data, letting an attacker read or alter the database. It is decades old and still common; parameterized queries (prepared statements) close it cleanly.

Also known as: sqli, sql-injection, sql injection

All glossary entries