One of the biggest classes of web vulnerabilities is known as SQL Injection, or SQLi.

Both pronunciations of SQL are generally understood when talking about databases.

What is SQLi?


The altered statement, or the additional statement smuggled in alongside the original, can perform a wide range of actions, including potentially large-scale deletions or data leaks.

The correct method to prevent SQLi is to use prepared statements, also known as parameterised queries.

Traditionally, SQL statements are built as strings, with the user's input concatenated directly into the statement text as it is declared.

While this may seem like a minor difference, it completely changes how the command is handled: with a prepared statement the database parses the statement's structure first and binds the input afterwards as plain data, so the input can no longer alter what the statement does.
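The contrast between the two approaches, as an added example that is not part of the original article. It uses Python's standard-library sqlite3 module with a constructed in-memory table; the function names, table layout and sample rows are assumptions made for the demonstration. The concatenated lookup both breaks on a legitimate username containing an apostrophe and returns every row when the input contains a quote and a tautology, while the parameterised lookup treats the same input as a literal string and behaves correctly in both cases.

```python
import sqlite3

# Constructed sample data: a small users table in an in-memory database.
SAMPLE_USERS = [
    ("alice", "alice@example.invalid"),
    ("bob", "bob@example.invalid"),
    ("o'brien", "obrien@example.invalid"),  # legitimate name containing a quote
]

# Constructed input: closes the string literal and appends a tautology.
INJECTED_INPUT = "x' OR '1'='1"


def make_db():
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)", SAMPLE_USERS
    )
    return conn


def lookup_concatenated(conn, username):
    """VULNERABLE: the user's input becomes part of the statement text,
    so it can change the statement's structure."""
    sql = "SELECT username FROM users WHERE username = '" + username + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterised(conn, username):
    """SAFE: the statement is parsed with a placeholder and the input is
    bound afterwards as data, so it can only ever be compared as a value."""
    sql = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username,))]


def run_demo():
    """Run both lookups over the same inputs and collect the outcomes."""
    conn = make_db()
    results = {}

    # An ordinary username behaves the same either way.
    results["concat_alice"] = lookup_concatenated(conn, "alice")
    results["param_alice"] = lookup_parameterised(conn, "alice")

    # A legitimate apostrophe breaks the concatenated statement's syntax.
    try:
        lookup_concatenated(conn, "o'brien")
        results["concat_obrien_error"] = False
    except sqlite3.OperationalError:
        results["concat_obrien_error"] = True
    results["param_obrien"] = lookup_parameterised(conn, "o'brien")

    # The injected input changes the WHERE clause when concatenated,
    # but is simply a non-matching string when bound as a parameter.
    results["concat_injected"] = lookup_concatenated(conn, INJECTED_INPUT)
    results["param_injected"] = lookup_parameterised(conn, INJECTED_INPUT)

    conn.close()
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Note that sqlite3 refuses to run more than one statement per execute() call, so this example cannot show a stacked second statement; the altered WHERE clause alone is enough to turn a single-user lookup into a dump of the whole table.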