A layman’s explanation of what a SQL Injection is

You may have heard the term SQL Injection before. SQL, which I pronounce as “sequel,” but actually means Structured Query Language, is a programming language primarily used for managing data storage. And in today’s world of the Internet, information, and large databases, hacking has become commonplace, and so has the term SQL Injection.

Thanks to Tom Scott, there is a video overview that explains in layman’s terms exactly what a SQL Injection is. It’s good for those who want to know, but aren’t up on programming languages or development. It can be hard to understand, even for people who like to code (whether they like to admit it or not).

Understanding SQL Injection

In my best layman’s explanation, the hack according to Tom Scott is literally inserting SQL program commands through a website, to the website’s database, with the intent to maliciously gain access to, change, or even delete data. Scott goes on to say that the best way to ensure you aren’t vulnerable is to use SQL Prepared Statements.
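
To make the difference concrete, here is an added example (not from Tom Scott's video or from this post) that runs the same lookup twice: once by pasting the visitor's text into the SQL command, and once as a prepared statement. The `users` table, its rows, the function names, and the use of Python's built-in `sqlite3` module are all assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Build a small in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret")],
    )
    return db


def lookup_concatenated(db, name):
    """Vulnerable: the visitor's text becomes part of the SQL command itself."""
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_prepared(db, name):
    """Hardened: the SQL text is fixed and the visitor's text is bound
    to the '?' placeholder, so it is only ever treated as data."""
    query = "SELECT name, secret FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


# Constructed input: the quote ends the intended value early, and the
# rest is read by the database as an extra condition that is always true.
HOSTILE = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for label, lookup in (("concatenated", lookup_concatenated),
                          ("prepared", lookup_prepared)):
        print(label, "normal :", lookup(db, "alice"))
        print(label, "hostile:", lookup(db, HOSTILE))
```

With the hostile input, the concatenated version returns every row in the table, while the prepared version returns nothing because no user has that literal name. A harmless name containing an apostrophe, such as O'Brien, also breaks the concatenated version with a syntax error, while the prepared version handles it as ordinary text.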