SQL Injection Attack Basic Concepts..

•SQL injection is a software vulnerability that occurs when data entered by users is sent to the SQL interpreter as a part of a SQL query.


... You can search Sql injunction vulnerable websites using google dorks List


•Attackers provide specially crafted input data to the SQL interpreter and trick the interpreter to execute unintended commands.
•Attackers utilize this vulnerability by providing specially crafted input data to the SQL interpreter in such a manner that the interpreter is not able to distinguish between the intended commands and the attacker’s specially crafted data. The interpreter is tricked into executing unintended commands.


..But there have some ways to Prevent SQL injuction Attack..


•A SQL injection attack exploits security vulnerabilities at the database layer. By exploiting the SQL injection flaw, attackers can create, read, modify or delete sensitive data.
SQL Injections: The Most Prevalent Type of Application Security Vulnerability
With more than 20 percent of all web vulnerabilities being attributed to SQL injection, this is the second most common software vulnerability. Therefore, having the ability to find and prevent SQL injection should be top of mind for web developers and security personnel. In general, a SQL injection attack exploits a web application that does not properly validate or encode user-supplied input and then uses that input as part of a query or command against a back-end database. For example, a typical form may ask for an ID and create a URL: "http://www.somewebsite.com/id/id.asp?id=somedata". An attacker using SQL injection may enter "somedata or 1=1". If the web application does not properly validate or encode the user-supplied data and sends it directly to the database, the reply to the query will expose all IDs in the database, since the condition "1=1" is always true. This is a basic example, but it illustrates the importance of sanitizing user-supplied data before using it in a query or command.