Hackers use SQL Injection to attempt to enter a precisely created SQL commands into a form field rather than the predictable information. The reason for this is to secure a response from the database that will enable the hacker to recognize the construction of the database, including table names. If the SQL Injection attack is finalized successfully, it has the possibility of being extremely damaging to any individual or business.
SQL Injection is incredibly popular with ASP and PHP applications based on the pervasiveness of outmoded functional interfaces. Owing to the characteristics of existing programmatic interfaces, ASP.NET, and J2EE applications are often unlikely to have effortlessly exploited SQL Injections. The detrimental impacts of SQL Injection attacks can be very severe. This severity is restricted by the skill and imagination of the hacker, and to some degree, defense-in-depth countermeasures, including short privilege link to the database server.
Source : Eccouncil
