SQL注入这种技术使攻击者可以利用应用程序中未仔细检查的输入机会来执行未经授权的SQL命令，而应用程序的本意是使用该输入来构造动态sql查询。

SQL injection is a technique which enables an attacker to execute unauthorized SQL commands by taking advantage of non-scrutinized input opportunities in applications that build dynamic SQL queries.

youdao