Can SQL injections be stopped?

One of the oldest ways of attacking a SQL database, SQL injection, is still being used by criminals, and successfully. For those who are unfamiliar, SQL injection is a technique by which a hacker enters a malformed SQL statement into a website text box that changes a query and allows them to break into a database. In a nutshell, injections take advantage of any security vulnerability in your SQL server.

(This site gives a TON of info if you want to do some not-so-light reading: https://www.owasp.org/index.php/SQL_Injection)

But Johannes Ullrich, the head of research at the SANS Institute, says there's no reason why SQL injection vulnerabilities should exist today. According to Ullrich, the solution is for SQL coders to use prepared statements that separately send SQL statements and user data to the database. This way, the user data can't...
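To make the prepared-statement point concrete, here is an added example (not from the original article) that runs the same lookup both ways. It assumes Python's built-in sqlite3 as a stand-in for SQL Server; the table, function names and sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table (sample data, not from the article)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_concatenated(db, name):
    # Weak form: the user data is spliced into the SQL text, so the
    # database parses whatever was typed as part of the statement.
    sql = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_prepared(db, name):
    # Hardened form: the statement carries a placeholder and the value is
    # sent separately, so it is only ever compared as data.
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

# Constructed text box inputs: one malformed, one legitimate name with a quote.
MALFORMED = "nobody' OR '1'='1"
APOSTROPHE = "o'brien"

def concatenated_breaks_on(db, name):
    """Return True if the string-built query fails to parse for this input."""
    try:
        lookup_concatenated(db, name)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concatenated(db, MALFORMED))
    print("prepared:    ", lookup_prepared(db, MALFORMED))
    print("quote breaks concatenated query:", concatenated_breaks_on(db, APOSTROPHE))
    print("prepared with quote:", lookup_prepared(db, APOSTROPHE))
```

The string-built query returns every row for the malformed input and fails outright on a legitimate name containing an apostrophe; the prepared form returns no rows in both cases because the input never becomes part of the statement.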