SQL injection (SQLi) occurs when user input is interpreted as part of the SQL command rather than as data, which changes the query's meaning and lets an attacker read, alter, or delete records directly. The real defense is to stop building SQL by string concatenation and instead pass values through placeholders (prepared statements), so the database only ever treats them as data.
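To make the contrast concrete, here is an added example (not code from the original page) using Python's built-in sqlite3 module and a constructed in-memory table: the concatenated query beside the parameterized one, run on the same inputs.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data for the demonstration (not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """BAD: the value is spliced into the SQL text, so the database parser
    reads it as part of the command, not as data."""
    query = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """GOOD: the SQL text is fixed; the driver binds the value separately,
    so whatever it contains is only ever compared as a string literal."""
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


if __name__ == "__main__":
    db = make_db()
    benign = "alice"
    hostile = "x' OR '1'='1"  # input that rewrites the concatenated WHERE clause
    print("vulnerable, benign :", find_user_vulnerable(db, benign))
    print("vulnerable, hostile:", find_user_vulnerable(db, hostile))  # every row
    print("safe, benign       :", find_user_safe(db, benign))
    print("safe, hostile      :", find_user_safe(db, hostile))  # no match
```

The same hostile string returns the whole table from the concatenated version and nothing from the parameterized one, which is exactly the difference between "part of the command" and "data".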