What is SQL Injection and How to Prevent It
SQL injection is a code injection technique and one of the most common web hacking techniques; it can destroy your database. A hacker might get access to all the usernames and passwords in a database by simply inserting a' or 'a'='a into the input field.
a' or 'a'='a
Syntax
SELECT * FROM Users WHERE username='Username' AND password='Password';
Users: the Users table, where your usernames and passwords are stored.
Username: replaced with the value pasted from the username textbox.
Password: replaced with the value pasted from the password textbox.
Example
SELECT * FROM users WHERE username='a' or 'a'='a' and password='a' or 'a'='a';
SQL Injection: 1=1 is always TRUE
The application creates an SQL statement to select a user with a given user ID.
When the value supplied for user_id is 16 OR 1=1, the SQL statement looks like this:
SELECT * FROM users WHERE user_id = 16 OR 1=1;
It will return ALL rows from the users table, since OR 1=1 is always TRUE.
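Prevention, as an added example that is not code from the original page: the two queries above built by string concatenation, next to the same queries with the input bound as parameters, using Python's standard sqlite3 module. The table rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory users table with constructed sample rows (plaintext only for the demo)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(15, "alice", "pw-alice"), (16, "bob", "pw-bob"), (17, "carol", "pw-carol")])
    return db

def login_concat(db, username, password):
    """Vulnerable: the textbox values are pasted into the SQL text itself."""
    sql = ("SELECT * FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    return db.execute(sql).fetchall()

def login_param(db, username, password):
    """Hardened: values are bound as parameters and are never parsed as SQL."""
    sql = "SELECT * FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchall()

def get_user_concat(db, user_id):
    """Vulnerable: a 'numeric' field concatenated without validation."""
    return db.execute("SELECT * FROM users WHERE user_id = " + user_id).fetchall()

def get_user_param(db, user_id):
    """Hardened: reject anything that is not an integer, then bind it."""
    try:
        uid = int(user_id)
    except ValueError:
        return []
    return db.execute("SELECT * FROM users WHERE user_id = ?", (uid,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    payload = "a' or 'a'='a"          # the input string shown on this page
    print("concat login :", len(login_concat(db, payload, payload)), "rows")
    print("param login  :", len(login_param(db, payload, payload)), "rows")
    print("concat lookup:", len(get_user_concat(db, "16 OR 1=1")), "rows")
    print("param lookup :", len(get_user_param(db, "16 OR 1=1")), "rows")
    print("valid lookup :", get_user_param(db, "16"))
```

With bound parameters the database receives the query text and the values separately, so the quote characters in the input are compared as data instead of changing the WHERE clause.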