SQL injection is an attack used to take over database servers by dynamically poisoning SQL queries.
In this attack, a special SQL query is passed as user input to the login page.
Later, when the backend code compiles the input along with the SQL query.
The code then gets hijacked because these queries will change the meaning of the backend code.
The SQL injection queries used for this demonstration project are:
' or 1=1--
This query will change all the SQL statement always true because of the or keyword.
And the rest of the SQL statement after '--' will be commmented.
admin' or '1'='1
This query will change all the SQL statement will also always be true.
Because of the or keyword, and the two expression producting true values.