SQL injection
Description
Improper SQL query construction could lead to SQL injection. An SQL injection attack consists of injecting an SQL query via the input data from the client to the application.
Recommendation
Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. This can be used to alter query logic to bypass security checks or gain unauthorized access to content.