SQL injection

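SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

Consider an application that builds a delete statement by concatenating a user-supplied name into the query text: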
```
String sql = "delete from animal where name = '" + name + "'";
```
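What happens if the user's String is "any' or 1 = 1 or name='any"? The quotes inside the input close the string literal early, so the rest of the input is parsed as SQL rather than as data. The generated SQL is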
```
delete from animal where name = 'any' or 1 = 1 or name='any'
```
Because 1 = 1 is true for every row, the where clause matches everything, and this deletes every row in the table.
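
The same statement built by concatenation and with a bound parameter, run against the input quoted above. This is an added example, not code from the original page: it assumes Python with the standard-library sqlite3 module and an in-memory database, and the sample rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table and column names follow the page's query.
SAMPLE_ANIMALS = ["cat", "dog", "any", "owl"]
# The input string quoted on the page.
PAGE_INPUT = "any' or 1 = 1 or name='any"


def new_db():
    """Return an in-memory database holding the constructed animal table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table animal (name text)")
    conn.executemany("insert into animal (name) values (?)",
                     [(n,) for n in SAMPLE_ANIMALS])
    return conn


def remaining(conn):
    """List the names still present in the table, sorted."""
    return [r[0] for r in conn.execute("select name from animal order by name")]


def delete_concatenated(conn, name):
    """The page's pattern: the input becomes part of the SQL text."""
    sql = "delete from animal where name = '" + name + "'"
    return conn.execute(sql).rowcount


def delete_parameterized(conn, name):
    """Bound parameter: the input is only ever compared as a value."""
    return conn.execute("delete from animal where name = ?", (name,)).rowcount


def run_demo():
    """Run both variants on a fresh table; return (rows deleted, rows left)."""
    results = {}
    for label, delete in (("concatenated", delete_concatenated),
                          ("parameterized", delete_parameterized)):
        conn = new_db()
        deleted = delete(conn, PAGE_INPUT)
        results[label] = (deleted, remaining(conn))
        conn.close()
    return results


if __name__ == "__main__":
    for label, (deleted, left) in run_demo().items():
        print(f"{label}: deleted {deleted} row(s), remaining {left}")
```

With the bound parameter the whole input, quotes included, is compared against the name column as one value, so no row matches and nothing is deleted.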