What is SQL Injection?
SQL Injection, as the name suggests, is the injection of arbitrary SQL commands or clauses into an executing program to defeat its purpose. Why would anyone inject SQL commands to defeat the purpose of a procedure? The answer is 'hackers'. Hackers are always looking for easy prey whose information they can steal. In this age of Information Technology, what gets stolen unnoticed is information. The information thus gathered can be consolidated by an experienced hacker and cause a 'hell of a lot of trouble'.

Now that the intentions behind defeating a program are clear, we will look at the simple, well-known types of SQL Injection:

First Order Attack
Second Order Attack
Lateral Injection

A First Order Attack is caused when a hacker simply modifies the string passed to a procedure and adds a malicious string to make the program work even without valid data. For example, consider the following code:

create table users (username varchar2(20), password varchar2(20));
...
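
The First Order Attack described above, shown as an added example that is not code from the original article: a login check built by string concatenation next to the same check written with bind variables. It assumes an in-memory SQLite database standing in for the article's Oracle one; the function names, sample rows and input strings are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory SQLite stand-in for the article's Oracle schema (assumption)."""
    db = sqlite3.connect(":memory:")
    # Table definition copied from the article; SQLite accepts the varchar2 type name.
    db.execute("create table users (username varchar2(20), password varchar2(20))")
    # Constructed sample rows, inserted with bind variables.
    db.executemany("insert into users values (?, ?)",
                   [("alice", "s3cret"), ("bob", "it's-me")])
    return db

def login_vulnerable(db, username, password):
    """Concatenates input into the statement, so input is parsed as SQL text."""
    sql = ("select count(*) from users where username = '" + username +
           "' and password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_safe(db, username, password):
    """Bind variables: input is passed as data and is never parsed as SQL."""
    sql = "select count(*) from users where username = ? and password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

# Constructed input: the quote closes the string literal and the appended
# OR clause is always true, so the WHERE condition no longer checks the password.
MODIFIED_PASSWORD = "x' or '1'='1"

def demo():
    db = make_db()
    results = {
        "vulnerable, wrong password": login_vulnerable(db, "alice", "wrong"),
        "vulnerable, modified string": login_vulnerable(db, "alice", MODIFIED_PASSWORD),
        "safe, modified string": login_safe(db, "alice", MODIFIED_PASSWORD),
        "safe, password with quote": login_safe(db, "bob", "it's-me"),
    }
    # A legitimate value containing a quote breaks the concatenated statement;
    # unexpected SQL syntax errors on user input are a sign of this defect.
    try:
        login_vulnerable(db, "bob", "it's-me")
        results["vulnerable, password with quote"] = "no error"
    except sqlite3.OperationalError:
        results["vulnerable, password with quote"] = "syntax error"
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```
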