Wednesday, September 27, 2006

Understanding Sql Injection by Hardik Shah

This vulnerability occurs because user-supplied data is not properly validated in web applications. Sometimes the programmer is a newcomer who does not understand this kind of attack. But in many cases I have seen that programmers are simply too lazy to consider and apply proper security checks. Most programmers believe that the client or end user will always give correct input to the application. They may check for minor conditions like empty strings or null values, but they never consider that a user can submit a specially crafted query that reveals all the important information on your machines. With the outsourcing boom many companies started up with less experienced programmers, so this kind of attack is widespread in today's web applications...
If you are not familiar with SQL injection, this article will help you start learning about this type of vulnerability (PDF format).
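As an added illustration (not part of the original post or the linked article), here is the difference the post is talking about, in Python with the standard sqlite3 module: the first login function pastes user input straight into the SQL text, the second passes it as a bound parameter so the database never treats it as SQL. The table, user names and passwords are constructed sample data.

```python
import sqlite3


def make_db():
    """Build a small in-memory users table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2"), ("o'brien", "pw")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """String concatenation: whatever the user typed becomes part of the SQL.

    A quote character in the input ends the string literal early, so the rest of
    the input is parsed as SQL. This is the mistake the post describes.
    """
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return sorted(row[0] for row in conn.execute(query))


def login_safe(conn, username, password):
    """Parameterized query: the SQL text is fixed, values travel separately.

    Quotes, semicolons or keywords in the input are just data to the database.
    """
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))


def vulnerable_breaks_on_apostrophe(conn):
    """A legitimate name containing an apostrophe already breaks the concatenated
    query (syntax error); that error is the first visible symptom of the bug."""
    try:
        login_vulnerable(conn, "o'brien", "pw")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # Textbook crafted password: it turns the WHERE clause into an always-true condition.
    crafted = "' OR '1'='1"
    print("vulnerable, normal login  :", login_vulnerable(db, "alice", "s3cret"))
    print("vulnerable, crafted input :", login_vulnerable(db, "alice", crafted))
    print("safe, crafted input       :", login_safe(db, "alice", crafted))
    print("safe, apostrophe in name  :", login_safe(db, "o'brien", "pw"))
    print("vulnerable, apostrophe    : error =", vulnerable_breaks_on_apostrophe(db))
```

The crafted password returns every row from the concatenated query and nothing from the parameterized one; the same parameterized query also handles a real user name with an apostrophe, which the concatenated version cannot even parse. In practice, checking for empty or null values (the "minor validations" the post mentions) does nothing against this, because the malicious input is neither empty nor null.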

2 Comments:

Anonymous said...

:-D

Someone should teach this to Iranian developers ;-)

1:25 AM  
Araz Samadi said...

and secure web programming in general...

7:19 AM  
