To understand how this works in "real life," imagine you are at a library:
Instead of just saying "Gardening," you say: "Show me Gardening books AND ALSO go into the restricted office, look at the employee payroll, and tell me the name on the second paycheck."
The librarian goes to the back (the database), finds the gardening books, and brings them to you.
If the librarian is "vulnerable," they won't realize you've added a second, unauthorized command. They will return with a stack of gardening books, but sitting right on top will be a slip of paper with a name from the payroll.
How to Stay Safe

Never trust data coming from a user. Stripping characters like ' , -- , and ; out of the input is not enough on its own: an attacker can often reach the same result without them (a numeric field needs no quote, and a UNION needs no semicolon), and blacklists are easy to get wrong. The reliable fix is to keep instructions and data separate with parameterized queries (prepared statements), so whatever the user types is treated as a book title, never as a new command for the librarian.
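The library scene and the advice above, worked through in code. This is an added example, not code from the original page: the catalogue and payroll tables, the attacker strings, and the function names are all constructed here for illustration. It shows the "vulnerable librarian" (string concatenation) handing over payroll names via a UNION, why the character blacklist fails in a numeric field, and the parameterized query that keeps the user's words as data.

```python
import sqlite3


def build_db():
    """Build the constructed sample database: a book catalogue users may search
    and a payroll table the search must never expose."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE books(id INTEGER PRIMARY KEY, title TEXT, category TEXT);
        INSERT INTO books(title, category) VALUES
            ('The Well-Tempered Garden', 'Gardening'),
            ('Compost Science', 'Gardening'),
            ('Baking Bread', 'Cooking');
        CREATE TABLE payroll(employee TEXT, salary INTEGER);
        INSERT INTO payroll VALUES ('Alice Lee', 52000), ('Bob Ortiz', 61000);
    """)
    return conn


def search_vulnerable(conn, category):
    """The 'vulnerable librarian': user text is pasted into the SQL string,
    so a closing quote lets the user append commands of their own."""
    sql = "SELECT title FROM books WHERE category = '" + category + "'"
    return [row[0] for row in conn.execute(sql)]


BLACKLIST = ("'", "--", ";")


def strip_blacklist(text):
    """The character-filtering idea: remove ', --, and ; from the input."""
    for bad in BLACKLIST:
        text = text.replace(bad, "")
    return text


def lookup_filtered(conn, book_id):
    """Numeric lookup that relies on the blacklist instead of parameters."""
    sql = "SELECT title FROM books WHERE id = " + strip_blacklist(book_id)
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, category):
    """Parameterized query: the driver passes category as data, never as SQL."""
    sql = "SELECT title FROM books WHERE category = ?"
    return [row[0] for row in conn.execute(sql, (category,))]


# Constructed attacker inputs (hypothetical, for the demo only).
# Closes the quoted string, UNIONs in the payroll table, and comments out the
# quote the application appends.
UNION_PAYLOAD = "Gardening' UNION SELECT employee FROM payroll -- "
# A numeric context needs no quote, comment marker, or semicolon, so the
# blacklist never fires and the payroll is still read.
NUMERIC_PAYLOAD = "1 UNION SELECT employee FROM payroll"


def run_demo():
    """Run every variant against a fresh database and return the rows seen."""
    conn = build_db()
    return {
        "honest": sorted(search_vulnerable(conn, "Gardening")),
        "union": sorted(search_vulnerable(conn, UNION_PAYLOAD)),
        "filtered": sorted(lookup_filtered(conn, NUMERIC_PAYLOAD)),
        "safe_honest": sorted(search_safe(conn, "Gardening")),
        "safe_union": search_safe(conn, UNION_PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(f"{name:12} {rows}")
```

The "union" and "filtered" results both contain employee names from the payroll table even though the query was only ever meant to read books; the parameterized search returns nothing for the attack string because the whole string is compared as a category name.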