SQL Injection is a type of exploit (method of gaining access). And there are many types of exploits such as Backdoors, Debug code, SQL Injection, Cross-scripting, Phishing and so on.
SQL Injection tricks the SQL engine into executing unintended commands and exploits vulnerabilities in the application.
Some of the prevention mechanisms include, but are not limited to:
- Avoid dynamic SQL with concatenated input and instead use static SQL and bind arguments.
- Validate input and handle exceptions.
- Always test SQL code for SQL injection flaws.
meda Answered question 18/03/2022
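The three mechanisms listed in the answer above, shown together as an added example that is not part of the original answer. It uses Python's `sqlite3` module; the table, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def find_user_dynamic(conn, name):
    # Weak form: input is concatenated into the SQL text, so the engine parses it as SQL.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def find_user_bound(conn, name):
    # Validate input before it reaches the database: type and length.
    if not isinstance(name, str) or not (1 <= len(name) <= 32):
        raise ValueError("invalid user name")
    try:
        # Static SQL text; the value travels as a bind argument and is only ever data.
        return conn.execute("SELECT name, role FROM users WHERE name = ?",
                            (name,)).fetchall()
    except sqlite3.Error:
        # Handle the exception without passing engine error text to the caller.
        raise RuntimeError("lookup failed") from None

def injection_regression(lookup, conn):
    """Return True if the lookup treats quote characters in input as plain data."""
    probes = ["x' OR '1'='1", "bob' --", "o'brien"]  # no user has these names
    for probe in probes:
        try:
            if lookup(conn, probe):      # any row returned means the input changed the query
                return False
        except sqlite3.Error:            # a syntax error means the input reached the parser
            return False
    return True

if __name__ == "__main__":
    print("dynamic SQL passes:", injection_regression(find_user_dynamic, make_db()))
    print("bound SQL passes:  ", injection_regression(find_user_bound, make_db()))
```

Running `injection_regression` against every query helper in a test suite covers the third item: the concatenated version fails the check, the bound version passes it.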