What it is ?

Sql injection is an attack in which malicious SQL Statements are injected into a SQL database to gain stuff like sensitive information,modify databases,and potentially even get a shell.They are very easy to avoid though but stilll happpen a lot.

Common Syntax and Verbs→

SELECT → Retrivies data from a table for us

INSERT → Adds data to a table

DELETE → Removes data from a data table

UPDATE → Modifies data in a table

DROP → Delete a whole table

UNION → Combines data from multiple queries

WHERE → Filters records based on spefic conditions

AND/OR/NOT → Filter records based on multiple conditions

ORDER BY → Sorts records in ascending /descending order.

Example Statements →

SELECT * FROM Users; #Selects everything from a user table for us basically.

SELECT UserID UserName From Users; # Selects every Userid ,username from the table.

SELECT * FROM Users WHERE Country='RU'; # Selects everyone whose country is RU in the Table

SELECT * FROM Users WHERE Country="US"AND UserName='Frank'; #Selects a user whose name is Frank and is from the US.