= SQLI =

SQLI, or SQL injection, is a type of attack in which SQL is placed into an application input field and passed directly to a DBMS as part of a query, instead of being handled as data. An attack typically works by prematurely terminating a text string literal and appending a new command. Because the application may append further text to the inserted command before the statement is executed, SQLI attack strings generally end with a comment marker such as `--`, so the DBMS ignores the rest of the original statement.

== Also see ==

[[sql]]
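The following is an added illustration and not part of the original page: it builds the same lookup query two ways against an in-memory SQLite table (table, rows and inputs are constructed for the example). The concatenated version lets an input close the string literal early, and the `--` comments out the trailing `AND active = 1` condition; the parameterized version passes the input as data, so the same string simply matches no row.

```python
import sqlite3


def make_db():
    """Constructed sample data: one active user and one inactive account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, active INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)", [("alice", 1), ("admin", 0)]
    )
    conn.commit()
    return conn


def build_concatenated(name):
    # The input is spliced into the statement text, so a quote in it ends the
    # literal and anything after it is parsed as SQL.
    return "SELECT name FROM users WHERE name = '" + name + "' AND active = 1"


def lookup_vulnerable(conn, name):
    """Vulnerable form: string concatenation, input becomes part of the SQL."""
    return [row[0] for row in conn.execute(build_concatenated(name))]


def lookup_parameterized(conn, name):
    """Hardened form: a bound parameter is never parsed as SQL syntax."""
    sql = "SELECT name FROM users WHERE name = ? AND active = 1"
    return [row[0] for row in conn.execute(sql, (name,))]


def trailing_condition_dropped(name):
    """Defender's check: does the rendered statement contain an SQL comment?

    A '--' in the rendered text means everything after it (here the
    'AND active = 1' guard) is ignored by the DBMS.
    """
    return "--" in build_concatenated(name)


def demo(name):
    conn = make_db()
    return {
        "rendered": build_concatenated(name),
        "vulnerable": lookup_vulnerable(conn, name),
        "parameterized": lookup_parameterized(conn, name),
        "comment_injected": trailing_condition_dropped(name),
    }


if __name__ == "__main__":
    for candidate in ["alice", "admin", "admin' --"]:
        print(candidate, demo(candidate))
```

With the input `admin' --` the concatenated statement becomes `SELECT name FROM users WHERE name = 'admin' --' AND active = 1`; SQLite treats the text after `--` as a comment, so the inactive `admin` row is returned. The parameterized query looks for a user literally named `admin' --` and returns nothing, which is the behaviour to expect from any driver's bind-parameter API.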