Oracle Security: SQL Injection
What is SQL Injection ?
SQL injection is a technique to maliciously exploit applications that use client-supplied data in SQL statements. Attackers trick the SQL engine into executing unintended commands by supplying specially crafted string input, thereby gaining unauthorized access to a database in order to view or manipulate restricted data.
How does SQL Injection take place?
Incorrectly validated or nonvalidated string literals are concatenated into a dynamic SQL statement, and interpreted as code by the SQL engine.