SQL injection attack is one of the most popular attacks that are observed in most of the web applications. This article will be very useful to the newly joined ELTP's, as they are more prone to write queries which are vulnerable to SQL Injection attack.In this article, I will explain what SQL injection is all about and the ways to prevent it. To begin with, what is SQL Injection (attack)? As the name suggests, it's an attack which is done with SQL queries. This attack is possible when a web application does not filter the user inputs correctly and trusts whatever the user provides. So in short, SQL forces the application to run queries which were actually not desired i.e a good SQL gone bad :) Most of the web applications use a form to authenticate users: When a user clicks the Login button, a request is posted to the action page via HTTP_POST. The action Page has a business logic which authenticates the user by running a query that counts the num...