Typing or inserting an actual SQL query or command as input (as opposed to a requested value, such as a user login name), gaining access to the tables, and then stealing or destroying data is an example of a(n) ____.
A) SQL query error
B) SQL mistake
C) SQL security reference
D) SQL injection attack

Question

Quizplus · Accepted Answer

This scenario describes a SQL injection attack, where an attacker uses malicious SQL code to gain unauthorized access to a database and steal or destroy data. It is important to prevent SQL injection attacks by properly sanitizing user input and using parameterized queries.

Typing or Inserting an Actual SQL Query or Command as Input