SQL Injection is a technique to hack the database. It is a type of security exploit in whichthe attacker adds the SQL code to a Web form input box to gain access to resources or make changes to data.
What are SQL Injection attacks?
An SQL injection attack is an type of attack where a user of your form enters a piece of SQL code into it, and wraps it in special characters in such a way that the data entereddoesn't get used for the purpose you had intended, instead it gets used to corrupt or destroy your database.When attacker enters the data into the form, that data is directly used to build a dynamicSQL query to retrieve the data from database. Such malicious code injection is called asan SQL Injection attack.There are two form of SQL Injection attacks :1.Form Injection.2.URL Injection.
A web application is vulnerable to SQL injection for only one reason – end user stringinput is not properly validated and is passed to a dynamic SQL statement. The stringinput is usually passed directly to the SQL statement. However, the user input may bestored in the database and later passed to a dynamic SQL statement. Because of thestateless nature of many web applications, it is common to write data to the database between web pages. This indirect type of attack is much more complex and requires in-depth knowledge of the application.
What’s not vulnerable?
SQL Statements using bind variables are generally immune to SQL Injection attacks asthe Oracle database will use the value of the bind variable exclusively and not interpret2