# SQL Injection

SQL injection is one of the most common techniques used to attack backend systems. It works when user-controlled input is concatenated into an SQL statement, so the attacker can inject SQL of their own into the query the application sends to the database.

#### Example

<img src="https://2166680554-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FP9VzT74ziIucCaJgfreE%2Fuploads%2F8J8xrggIdNpIV4QMlqBv%2Ffile.excalidraw.svg?alt=media&#x26;token=f71bb889-ec52-4318-bf67-a4034115a99e" alt="" class="gitbook-drawing">

#### How to Protect

1. Validate request input (allowlist the expected format, e.g. a username may only contain letters, digits and `_`). This is defence in depth, not a substitute for the next two points.
2. Use an ORM; the library builds parameterized queries for you. Raw-query escape hatches in an ORM can still be injectable if you concatenate strings into them.
3. Use prepared statements for raw SQL queries -> `select * from username where username = $1`

With this strategy the SQL text is fixed and the library sends the argument to the database separately, so the database treats the value as data and never parses it as part of the statement.
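The following is an added example (not from the original page) that shows the vulnerable string-concatenated query next to the prepared-statement version, plus a small allowlist validator for the input-validation step. It assumes Python's built-in `sqlite3` module and an in-memory table of constructed sample users; SQLite uses `?` as the placeholder where PostgreSQL would use `$1`. The payload `' OR '1'='1` is the classic test string.

```python
import re
import sqlite3

# Constructed sample data for the demo (not from the original page).
USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "pass123")]

# Allowlist for step 1: only letters, digits and underscore, 1-32 characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def is_valid_username(username):
    """Input validation: reject anything that is not a plain username."""
    return USERNAME_RE.fullmatch(username) is not None


def setup_db():
    """Create an in-memory database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Builds the query by string concatenation: the input becomes part of the SQL text."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_safe(conn, username):
    """Prepared statement: the SQL text is fixed, the value is bound separately."""
    query = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))


def demo():
    """Run both lookups with a normal username and with an injection payload."""
    conn = setup_db()
    payload = "' OR '1'='1"
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "alice"),
        "normal_safe": lookup_safe(conn, "alice"),
        # Concatenation yields: ... WHERE username = '' OR '1'='1'  -> every row
        "attack_vulnerable": lookup_vulnerable(conn, payload),
        # Binding compares against the literal string ' OR '1'='1   -> no rows
        "attack_safe": lookup_safe(conn, payload),
        "payload_passes_validation": is_valid_username(payload),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both lookups behave identically for a legitimate username; only the concatenated version lets the payload rewrite the `WHERE` clause and return every user. The validator would have rejected the payload before it reached either query, but the prepared statement is what makes the query safe even when validation is missing or bypassed.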
