Answer:
SQL injection is a security vulnerability which allows intruder to steal data from system. Any system which take input from user and create SQL query without validating or sanitizing that input is vulnerable to SQL injection. In such system, intruder can inject SQL code instead of data to retrieve more than expected data. There are many instances on which sensitive information e.g. user id, password and personal details are stolen by exploiting this vulnerability. In Java, you can avoid SQL injection by using Prepared statement.
| Previous Question | Next Question |
| Can you please explain the difference between valid and well-formed XML? | Explain V in MVC stand for, and what does it signify? |