SQL injection

SQL injection is when someone submits input that a system ends up running as part of an SQL statement, abusing SQL to break the system in some way.

How it is used
Let's say someone wrote SQL to store comments. If someone were to comment "Nice website!", it would be entered as this:

    INSERT INTO Comments (comment) VALUES ('Nice website!');

However, if someone were to comment this:

    ');DROP TABLE Comments;--

it would be entered as this:

    INSERT INTO Comments (comment) VALUES ('');DROP TABLE Comments;--');

which forms three SQL commands:

    INSERT INTO Comments (comment) VALUES ('');
    DROP TABLE Comments;
    --');

Let's go over what they do.

INSERT INTO Comments (comment) VALUES (''); inserts a blank comment into the table Comments.

DROP TABLE Comments; gets rid of the table Comments, effectively removing all comments.

--'); marks the trailing '); as an SQL comment so it is ignored; the text ');DROP TABLE Comments;-- is therefore never stored as a comment.

How to avoid it
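The comment form described above, as an added example that is not part of the original article: it builds the INSERT by string concatenation and then with a bound parameter, and runs the article's payload through both. It assumes Python's built-in sqlite3 module and an in-memory database; the function names are hypothetical.

```python
import sqlite3

# Payload quoted in the article; everything else here is constructed.
PAYLOAD = "');DROP TABLE Comments;--"

def new_db():
    """In-memory database holding the article's Comments table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Comments (comment TEXT)")
    return db

def build_unsafe_sql(comment):
    """Vulnerable: the comment is pasted into the SQL text itself."""
    return "INSERT INTO Comments (comment) VALUES ('" + comment + "');"

def add_comment_unsafe(db, comment):
    # executescript() runs every statement in the string, as a driver
    # that allows stacked queries would.
    db.executescript(build_unsafe_sql(comment))

def add_comment_safe(db, comment):
    # The ? placeholder sends the comment as data, never as SQL text.
    db.execute("INSERT INTO Comments (comment) VALUES (?)", (comment,))
    db.commit()

def table_exists(db):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master "
        "WHERE type = 'table' AND name = 'Comments'"
    ).fetchone()
    return row[0] == 1

def stored_comments(db):
    return [r[0] for r in db.execute("SELECT comment FROM Comments")]

if __name__ == "__main__":
    unsafe_db = new_db()
    add_comment_unsafe(unsafe_db, "Nice website!")
    add_comment_unsafe(unsafe_db, PAYLOAD)
    print("unsafe: table still exists?", table_exists(unsafe_db))

    safe_db = new_db()
    add_comment_safe(safe_db, "Nice website!")
    add_comment_safe(safe_db, PAYLOAD)
    print("safe: table still exists?", table_exists(safe_db))
    print("safe: stored", stored_comments(safe_db))
```

With the placeholder, the payload is stored as an ordinary comment and the table survives, because the database never parses the comment text as SQL.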