After a long time, I thought I should write something on the blog. Today we will talk about SQL injection. SQL injection is a somewhat old but still useful web hacking technique. As the name implies, it involves injecting malicious SQL code into the SQL database through a user input field provided to us on a website. This can be used not only to gain access to the site using this mechanism but also to tamper with the database and destroy it.

For example, let's take a simple website with a user login. It has two input fields, one for a username and one for a password. When we enter the username and password, they go to the back end, which runs a SQL query to check whether the username and password are correct. If they are correct, the query returns a true state and we get access to the site; if the username or password does not match what is in the database, it returns false and the site tells us that we cannot log in. That is simply the story behind the scenes. So in this case the attacker ...
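The back-end login check described above, as an added example that is not code from the original post: it contrasts a query built by string concatenation with a parameterized one, and uses an ordinary name containing an apostrophe to show that concatenated input reaches the SQL parser. The table layout, account, and function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def _hash(password, salt):
    # Salted, slow hash so the table never holds a plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """In-memory users table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("alice", salt, _hash("correct horse", salt)))
    return db

def _verify(row, password):
    # No matching row, or a hash mismatch, both mean "login refused".
    if row is None:
        return False
    salt, pw_hash = row
    return hmac.compare_digest(pw_hash, _hash(password, salt))

def login_concat(db, username, password):
    """Unsafe pattern: the input becomes part of the SQL text itself."""
    query = "SELECT salt, pw_hash FROM users WHERE username = '" + username + "'"
    return _verify(db.execute(query).fetchone(), password)

def login_param(db, username, password):
    """Safe pattern: the ? placeholder binds the input as data only."""
    query = "SELECT salt, pw_hash FROM users WHERE username = ?"
    return _verify(db.execute(query, (username,)).fetchone(), password)

def input_reaches_parser(db, username):
    """True if the concatenated query lets this input change the SQL syntax."""
    try:
        login_concat(db, username, "x")
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    print(login_param(db, "alice", "correct horse"))   # valid login
    print(login_param(db, "o'brien", "x"))             # apostrophe handled as data
    print(input_reaches_parser(db, "o'brien"))         # concatenation breaks the query
```

A syntax error triggered by a harmless apostrophe is a quick review signal that a query is assembled from raw input and should be converted to bound parameters.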