SQL Injection is a technique of attacking the security of database by alternating the SQL statements through the input fields.
SQL Injection happens when we place the user input data directly to the SQL query without filtering it for the dangers string. If not the hackers will steal your data from database or chances for add, edit or delete the data even the database also.
Certain SQL servers like Microsoft SQL server have stored procedure to prevent from hacking through SQL Injection. Below i will show you the simple SQL Injection query.
Imagine you have a table called users, where you have data for login function.
Now here is the login check script to check the username and password in the log in process to compare the input field values and back end values.