SQL Injection is a common injection technique that an attacker will use to inject code into a website and attack the database. It is frequently used by attackers to execute code that will either let an attacker into an application or let them execute queries against a database to collect information from that database.
SQL Injection works on SQL server 2000 from Microsoft, MySQL and PostgreSQL. All of the servers speak the same SQL language so it is possible to inject SQL through another web language.
How do I Protect Against SQL Injection?
The easiest way is to perform input validation against anything that the attacker or anyone using your website is sending to you. A lot of web application languages contain methods for performing this input validation, so you don’t have to re-write the structures. For more information on developing secure web application check out our recent infographic “Building Secure Web Application”.