Sec?

Let's discuss Security

06 2007

SQL Injection in PHP/MySQL

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

SQL injection is the act of supplying malicious input that changes the anatomy of the SQL request the server is about to make, in order to gain an advantage (admin privileges, passwords, e-mail addresses, or the ability to run code on the server).

Almost 50% of bloggers on the internet today use WordPress or one of its variant blog engines. One simple SQL statement that could be run against a WordPress database is:

SELECT * FROM wp_users where user_id=1

The statement above grabs every column from the wp_users table for the user with id=1.
It looks pretty innocuous, but now look at the following statement.

SELECT * FROM wp_users where user_id=1 or 1=1

The statement above returns every row of the wp_users table, not just the one with user_id=1, because "1=1" is always true. On its own that is just a sloppy or faulty SQL statement. Now consider what happens if the criteria part of the statement ($user_id) is supplied from a web-based form:

SELECT * FROM wp_users where user_id=$user_id

Instead of entering a legitimate user_id, a malicious user might supply the following for the $user_id part:

1 or 1=1

Notice how easily the malicious user obtained information not just about user_id=1 but about every user stored in the wp_users table. How serious the further consequences are depends on how sensitive the exposed data is.

Now let's look at an SQL injection, built on the same query, that could bring your website down entirely:

SELECT * FROM wp_users where user_id=1;DELETE from wp_users;

Here the malicious user entered 1;DELETE FROM wp_users; as the value of $user_id through a web-based form or URL. If executed, this wipes out the whole wp_users table rather than just running the intended query.
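The following is an example added here, not code from the original post: it recreates the vulnerable pattern the post describes (user input pasted straight into the SQL text) next to a hardened version that validates the type of the input and binds it as a prepared-statement parameter. It runs against an in-memory SQLite database through PDO so that no MySQL server is needed; the column name user_id follows the post (WordPress itself names that column ID), and the table contents are constructed sample data. Whether the second statement after the ";" in the DELETE case actually runs depends on the database driver (the legacy mysql_query() refused a second statement, while PDO's MySQL driver allows multiple statements by default), so the fix must not rely on the driver: the first injection ("1 or 1=1") works on every driver.

```php
<?php
declare(strict_types=1);

// Added example (not from the original post). Column name user_id is the post's;
// the sample rows below are constructed.

function fetch_user_vulnerable(PDO $db, string $user_id): array
{
    // Untrusted input becomes part of the SQL text, exactly as in the post.
    // "1 or 1=1" rewrites the WHERE clause; "1;DELETE FROM wp_users" appends a
    // second statement (whether that one runs depends on the driver).
    $sql = "SELECT * FROM wp_users WHERE user_id=$user_id";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

function fetch_user_safe(PDO $db, string $user_id): array
{
    // 1. Type check: a user id is a non-empty string of digits and nothing else,
    //    so "1 or 1=1" and "1;DELETE FROM wp_users" are rejected before any SQL runs.
    if (!ctype_digit($user_id)) {
        throw new InvalidArgumentException('user_id must be a positive integer');
    }
    // 2. Prepared statement: the value travels as a bound parameter, never as
    //    SQL text, so it cannot change the anatomy of the statement.
    $stmt = $db->prepare('SELECT * FROM wp_users WHERE user_id = :id');
    $stmt->bindValue(':id', (int) $user_id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample database with two users.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wp_users (user_id INTEGER PRIMARY KEY, user_login TEXT, user_email TEXT)');
$db->exec("INSERT INTO wp_users VALUES (1, 'admin', 'admin@example.com'), (2, 'editor', 'editor@example.com')");

$inputs = ['1', '1 or 1=1'];

foreach ($inputs as $input) {
    $rows = fetch_user_vulnerable($db, $input);
    printf("vulnerable: input %-10s -> %d row(s)\n", "'$input'", count($rows));
}

foreach ($inputs as $input) {
    try {
        $rows = fetch_user_safe($db, $input);
        printf("safe:       input %-10s -> %d row(s)\n", "'$input'", count($rows));
    } catch (InvalidArgumentException $e) {
        printf("safe:       input %-10s -> rejected (%s)\n", "'$input'", $e->getMessage());
    }
}
```

The vulnerable function returns one row for "1" and both rows for "1 or 1=1"; the hardened one returns one row for "1" and throws for "1 or 1=1" before touching the database. When the same code is pointed at MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so that parameter binding is done by the server rather than by string substitution in the client library.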
