SQL injection
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

```
String sql = "delete from animal where name = '" + name + "'";
```

What happens if the user’s String is `any' or 1 = 1 or name='any`? The generated SQL is

```
delete from animal where name = 'any' or 1 = 1 or name='any'
```

Because `1 = 1` is always true, the WHERE clause matches every row, so this deletes every row in the table.
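The statement above run against an in-memory database, next to a parameterized form of the same delete, as an added example that is not part of the original page. It uses Python's `sqlite3` so it runs without a database driver (in JDBC the bound form is a `PreparedStatement` with a `?` placeholder); the sample rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table and column names follow the page's example.
ROWS = [("lion",), ("zebra",), ("any",)]
PAYLOAD = "any' or 1 = 1 or name='any"  # the input string from the text above


def fresh_db():
    """Return an in-memory database holding the constructed animal rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table animal (name text)")
    conn.executemany("insert into animal (name) values (?)", ROWS)
    return conn


def delete_concatenated(conn, name):
    """Vulnerable form from the page: input is spliced into the SQL text."""
    sql = "delete from animal where name = '" + name + "'"
    return conn.execute(sql).rowcount


def delete_parameterized(conn, name):
    """Hardened form: the SQL text is fixed and the input is bound as data."""
    return conn.execute("delete from animal where name = ?", (name,)).rowcount


def remaining(conn):
    """Count the rows still present in the animal table."""
    return conn.execute("select count(*) from animal").fetchone()[0]


def compare(name):
    """Run both forms on separate copies; return rows left after each."""
    a, b = fresh_db(), fresh_db()
    delete_concatenated(a, name)
    delete_parameterized(b, name)
    return remaining(a), remaining(b)


if __name__ == "__main__":
    print("page's input:", compare(PAYLOAD))
    print("plain name  :", compare("any"))
```

With the bound parameter the whole input is compared as a single name value, so the quote characters never reach the SQL parser.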