Here is how an SQL injection works: First, assume an SQL statement accepts user-supplied data to look up a team member's contact information from a database without input validation rules.

下面是SQL注入的工作方式：首先，假设一条sql语句接受用户提供的数据，没有输入确认规则就可在数据库中查找团队成员的联系信息。

youdao

Doing so makes the SQL easier to maintain and secures your application from SQL injection attacks.

这样做可使SQL更加易于维护，且可使您的应用程序免受SQL注入攻击。

youdao

In an SQL injection attack, a program creates an SQL command and sends it to an SQL interpreter.

在SQL注入攻击中，程序会创建一个SQL命令，并将其发送给SQL解释器。

youdao

It appears that the old SQL Injection hack is still alive and well or at least it seems that way.

FORBES: LulzSec Hackers Finally Explain Themselves

It accused Mr Rivera and others of stealing data from Sony using a hacking technique known as an SQL injection.

BBC: 'Lulzsec hacker' latest to be arrested in US

They add that SonyPictures.com was breached using a simple SQL injection technique.

FORBES: LulzSec Hackers Purge SonyPictures.com, Say 1 Million User Accounts Compromised