SQL Injection Challenge 5 (Security Shepherd)

```java
// Danger: Directly concatenating input invites SQLi structure shifts
String query = "SELECT coupon_code FROM coupons WHERE coupon_code = '" + userInput + "'";
Statement statement = connection.createStatement();
ResultSet resultSet = statement.executeQuery(query);
```

Secure Implementation (Java Example)
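A parameterized counterpart to the concatenated coupon query above, as an added example that is not code from the original page. The class name `CouponLookup`, the method `findCoupon` and the coupon-code format pattern are assumptions made for illustration; the caller supplies an open JDBC `Connection`.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;
import java.util.regex.Pattern;

// Hypothetical helper class (not from the original page).
public final class CouponLookup {

    // Assumed coupon format: adjust to the application's real one.
    // This is defence in depth; the bound parameter is the actual fix.
    private static final Pattern COUPON_FORMAT =
            Pattern.compile("[A-Za-z0-9_-]{1,64}");

    // The SQL text is a constant. User input never becomes part of it.
    private static final String QUERY =
            "SELECT coupon_code FROM coupons WHERE coupon_code = ?";

    private CouponLookup() { }

    public static Optional<String> findCoupon(Connection connection, String userInput)
            throws SQLException {
        // Reject input that cannot be a coupon code before touching the database.
        if (userInput == null || !COUPON_FORMAT.matcher(userInput).matches()) {
            return Optional.empty();
        }
        // try-with-resources closes the statement and result set on every path.
        try (PreparedStatement statement = connection.prepareStatement(QUERY)) {
            // The driver sends the value as data, so a quote in the input
            // cannot terminate the string literal or change the query structure.
            statement.setString(1, userInput);
            try (ResultSet resultSet = statement.executeQuery()) {
                if (resultSet.next()) {
                    return Optional.of(resultSet.getString("coupon_code"));
                }
                return Optional.empty();
            }
        }
    }
}
```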

Ensure the database user account used by the web application has limited permissions.