SQL Injection (SQLi)

SQLi injects malicious SQL to read or modify database data through vulnerable inputs.

Updated: 2026-03-06

Definition

SQL Injection happens when untrusted input is concatenated into SQL queries without proper parameterization.

Attackers can read data, bypass authentication, or modify/delete records depending on permissions.

Key points

Caused by unsafe query building
Fix: parameterized queries + least privilege
WAF can help, but code fixes are primary

Common mistakes

Relying only on input filtering (not enough).
Using admin DB accounts for app connections.

Related exams

CompTIA Security+ (SY0-701)

Free Security+ SY0-701 mini test with focused next steps. Continue in the app for offline packs and detailed explanations.

CompTIA A+ (220-1201 / 220-1202)

Free CompTIA A+ mini test with focused next steps. Continue in the app for offline packs and detailed explanations.

Related terms

Want to practice this in exam-style questions?

Use the mini tests on each exam page, then continue in the app for offline packs and detailed explanations.