10 Jan 2019

SQL Injection

SQL injection is a very serious attack on any website with a backend database. It is a technique in which the attacker injects malicious SQL commands or statement fragments through the application's inputs, either to destroy the database contents or to gain access to them. With the help of SQL injection the attacker can read from, control, or take over the database server. Any website that asks for user information and stores it in a database must protect its servers against SQL injection.

I would suggest that those who do web development in PHP must protect their servers against SQL injection.

The malicious input that the attacker supplies when logging in to the website is 'randomUsrName' OR 1=1

Suppose the attacker enters 'randomUsrName' or 1=1 as the username; the SQL query would then turn out to be

select * from Users where username = 'randomUsrName' or 1=1;

To prevent this, the developer can add the following lines, which escape the user input before it is inserted into the database; here the fields are firstname and lastname.

// Remove any backslashes that were added to the raw input.
$firstname = stripslashes($firstname);
$lastname = stripslashes($lastname);

// Escape the values for the current MySQL connection before they are used in a query.
$firstname = mysqli_real_escape_string($conn, $firstname);
$lastname = mysqli_real_escape_string($conn, $lastname);

Shruthi Pillai
3mos ago

SQL injection is a code injection technique that destroys your database. SQL injection is the placement of malicious code in SQL statements, via web page input.

To protect a web site from SQL injection, you can use SQL parameters.

SQL parameters are values that are added to an SQL query at execution time, in a controlled manner.
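As an added example that is not part of the original post or of the comment above, the following Python script builds the post's login query by string concatenation and then again with an SQL parameter as the comment recommends, and runs both against a constructed in-memory SQLite table. The sample rows and the attacker input are constructed for the demonstration; the input adds a trailing comment marker so that the concatenated statement stays syntactically valid.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from the original post).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]
# Constructed attacker input in the shape of the post's example; the trailing
# "--" turns the quote the application appends after the input into a comment.
PAYLOAD = "randomUsrName' or 1=1 --"


def make_db():
    """Create an in-memory Users table holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Concatenate the input into the statement, as in the post's example."""
    # With PAYLOAD this becomes
    #   select * from Users where username = 'randomUsrName' or 1=1 --';
    # and the "or 1=1" tautology matches every row in the table.
    query = "select * from Users where username = '" + username + "';"
    return conn.execute(query).fetchall()


def lookup_parameterised(conn, username):
    """Pass the input as an SQL parameter bound at execution time."""
    # The value travels separately from the statement text, so the quote and
    # the "or 1=1" inside PAYLOAD are just characters of a non-existent name.
    return conn.execute(
        "select * from Users where username = ?;", (username,)
    ).fetchall()


def compare(username):
    """Return (rows matched by the vulnerable query, rows matched by the safe one)."""
    conn = make_db()
    try:
        return (len(lookup_vulnerable(conn, username)),
                len(lookup_parameterised(conn, username)))
    finally:
        conn.close()


if __name__ == "__main__":
    print("legitimate user 'alice':", compare("alice"))  # (1, 1)
    print("injected input:", compare(PAYLOAD))            # (2, 0)
```

The concatenated query returns every user for the injected input, while the parameterised query returns none, because the driver never lets the bound value alter the statement's structure.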