Understanding SQL Injection in PHP & Ways to Prevent it

sql_injectionWhat is SQL injection and how to prevent them in your web application

In top ten PHP Security Vulnerabilities list, SQL injection hits the number one position.  In SQL Injection, an attacker executes or pass malicious SQL statements through which they can either steal your data or completely destroy it. This data is passed through the browser to your web application. It occurs mainly if your input data is not validated properly.

To understand, how unvalidated data can cause such a big problem, let’s understand this through example.

Suppose, You have written a code for login module. In login module, A user enters a username and password. Based on username and password your script allows a user to log in.