Exploits - SQL Injection Attacks

SQL injection is a technique used by attackers to damage or steal data residing in databases that use SQL syntax to control information storage and retrieval. SQL injection usually involves using a mechanism such as a text field in a web form to directly pass malicious SQL to a program or script that queries a database. If the program or script does not properly validate the input, the attacker may be able to execute arbitrary database commands, such as deleting tables, altering sensitive records, or accessing other parts of the database or network. For a more in-depth explanation of SQL injection, see the Security Intelligence Report (SIR), Section 3.2.