
SQL Injection (SQLi)

SQL Injection is a code injection technique that exploits vulnerabilities in an application's database layer by inserting malicious SQL statements into input fields. It allows attackers to read, modify, or delete data and in some cases execute system commands.

SQL Injection remains one of the most dangerous and commonly exploited web application vulnerabilities. It occurs when user-supplied data is included directly in SQL queries without proper sanitisation or parameterisation. An attacker can manipulate the query logic to access data they should not be able to see, bypass authentication, or even gain full control of the database server.

There are several variants of SQL Injection. Classic or in-band SQLi returns results directly in the application response. Blind SQLi does not return data directly but allows attackers to infer information through boolean-based or time-based techniques. Out-of-band SQLi uses alternative channels such as DNS or HTTP requests to exfiltrate data when in-band methods are not feasible.

The consequences of a successful SQL Injection attack can be devastating: complete data breaches exposing sensitive customer information, unauthorised administrative access, data manipulation or destruction, and in some cases lateral movement to other systems on the network.

Prevention relies on using parameterised queries (prepared statements) or stored procedures, applying the principle of least privilege to database accounts, employing input validation, and using web application firewalls as an additional layer of defence. Modern ORM frameworks also help reduce SQLi risk by abstracting raw query construction.
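The difference between string-built and parameterised queries is easiest to see side by side. The following is an added example, not code from Vulnsy or from the original page: a small in-memory SQLite database with a login lookup written both ways. The table, the user rows and the crafted input are constructed for the demonstration. In the concatenated version the input is parsed as part of the SQL grammar, so a classic tautology payload turns the WHERE clause true for every row; in the parameterised version the same string is bound as a plain value and matches nothing.

```python
import sqlite3


def make_db():
    """Constructed sample database: two users with placeholder credentials."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string interpolation.

    User input becomes part of the SQL text, so a quote in the input
    closes the literal and whatever follows is executed as SQL.
    """
    query = (
        "SELECT id FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """Same lookup with bound parameters.

    The SQL text is fixed; the driver passes the values separately,
    so quotes or keywords in the input are just characters in a string.
    """
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def compare(conn, username, password):
    """Return (rows from vulnerable query, rows from safe query) for one input."""
    return login_vulnerable(conn, username, password), login_safe(conn, username, password)


if __name__ == "__main__":
    db = make_db()
    # Legitimate credentials: both versions return alice's id.
    print(compare(db, "alice", "correct-horse"))
    # Classic tautology in the password field: the concatenated query
    # returns every user, the parameterised query returns nothing.
    print(compare(db, "alice", "' OR '1'='1"))
```

Run it and the second line of output shows the whole point of parameterisation: identical input, two rows from the interpolated query and an empty list from the bound one. The least-privilege advice above complements this; if the application's database account can only SELECT from the tables it needs, even a query that does get manipulated cannot drop or rewrite data.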

Related Terms

sqli, injection, database, owasp
