User input that deliberately contains SQL code to do harmful things, and isn’t disabled or sanitized by the code. E.g.,
$who = $_GET['customer_id'];
...
DELETE from records WHERE customer_id = '$who'
could be injected with something similar to customer_id=1234' and 1=1 and ''=', resulting in
DELETE from records WHERE customer_id = '1234' and 1=1 and ''=''
resulting in all records in the table being deleted. It could be sanitized by escaping all ' in the user input.
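An added example, not part of the original answer: it runs the answer's input against a constructed in-memory table, first through string concatenation and then through a bound parameter, a different mitigation from the escaping mentioned above. The use of PDO with SQLite, the table contents and the function names are assumptions made for the demonstration.

```php
<?php
// Added example; the schema and rows are constructed sample data.
function seed(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE records (id INTEGER PRIMARY KEY, customer_id TEXT, note TEXT)");
    $db->exec("INSERT INTO records (customer_id, note) VALUES
               ('1234', 'first'), ('1234', 'second'), ('5678', 'third')");
    return $db;
}

// Concatenation, as in the answer: the input becomes part of the SQL text.
function delete_concatenated(PDO $db, string $who): array {
    $sql = "DELETE FROM records WHERE customer_id = '$who'";
    return [$sql, $db->exec($sql)];   // exec() returns the affected-row count
}

// Bound parameter: the statement is fixed and the input is passed as a value.
function delete_bound(PDO $db, string $who): int {
    $stmt = $db->prepare("DELETE FROM records WHERE customer_id = :who");
    $stmt->execute([':who' => $who]);
    return $stmt->rowCount();
}

// The value from the answer, as it would arrive in $_GET['customer_id'].
$who = "1234' and 1=1 and ''='";

[$sql, $count] = delete_concatenated(seed(), $who);
echo "statement sent:  $sql\n";
echo "concatenated:    $count row(s) deleted\n";

$count = delete_bound(seed(), $who);
echo "bound parameter: $count row(s) deleted\n";
```

With concatenation the quote in the input closes the string literal and the rest of the value is parsed as SQL; with the bound parameter the whole value is compared as a single string, which no customer_id in the table equals.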
solved What is SQL injection? And what is its use and please give me some real time example Regards & Thanks Hareesh [closed]