12 · Databases & SQL
SQL Injection
Attack via untrusted SQL text
A vulnerability where user input is concatenated into SQL and executed as code. Parameterized queries / bound parameters are the usual defense.
Concrete example
Building `"SELECT * FROM users WHERE id = " + userInput` is unsafe; use bound parameters instead.
Why it matters
One of the first security checks on any agent-written database code.