ISSN : 2349-3917
SQL Injection is a major injection technique, which is used to attack data-driven Applications.
Procedures and functions that use dynamic SQL queries by concatenating the text inputs to the dynamic SQL are prone to SQL Injection attack as someone can provide extra commands/malicious text through the input parameter and when executed can result in the unexpected results.