SQL injection is a method of inserting harmful instructions into a script that carries out a command on a database. The malicious instructions aim to destroy a target’s database or files. SQL injection can also refer to any malicious act that involves inserting program code into someone else’s website.
Let’s say, for example, that you have a computer program that consolidates all your company’s earnings for the day and automatically sends the bank this information and the account number where the cash should be deposited. Then you fire the company programmer for some reason. Before he leaves, he tweaks the database script so that the system tells the bank to deposit into his account, rather than the company’s. He just executed an SQL injection.
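The definition above can be seen in a few lines of code. This is an added example, not part of the original page: a query built by pasting input into the SQL text lets that input act as instructions, while a parameterized query keeps it as data. The `deposits` table, the function names and the sample input are assumptions constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE deposits (company TEXT, account TEXT, amount INTEGER)"
    )
    conn.executemany(
        "INSERT INTO deposits VALUES (?, ?, ?)",
        [("acme", "ACCT-1001", 5000), ("globex", "ACCT-2002", 7500)],
    )
    return conn


def lookup_vulnerable(conn, company):
    # Vulnerable: the input becomes part of the SQL text itself, so a quote
    # character inside it can change the structure of the statement.
    sql = (
        "SELECT account, amount FROM deposits "
        "WHERE company = '" + company + "' ORDER BY account"
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn, company):
    # Hardened: the ? placeholder binds the input as a value only; the
    # database never parses it as SQL.
    sql = (
        "SELECT account, amount FROM deposits "
        "WHERE company = ? ORDER BY account"
    )
    return conn.execute(sql, (company,)).fetchall()


# Constructed input: the quote closes the string literal early and the rest
# is parsed as an extra condition that is always true.
CONSTRUCTED_INPUT = "acme' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("normal, vulnerable :", lookup_vulnerable(db, "acme"))
    print("crafted, vulnerable:", lookup_vulnerable(db, CONSTRUCTED_INPUT))
    print("crafted, safe      :", lookup_safe(db, CONSTRUCTED_INPUT))
```

With the crafted input, the concatenated query returns every company's row, while the parameterized query returns nothing because no company has that literal name.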