==== SQL Injection ====

SQL (pronounced "sequel"), or Structured Query Language, is the language used to access, modify, or insert data in a database. The backend of many modern web applications is an SQL-based database. Most applications will not let us access the database directly, but if the application does not filter user input, we can supply input crafted to modify the SQL queries the application builds so that they do what we want. This technique is known as SQL Injection.

=== OR 1 = 1 ===

One of the simplest forms of SQL Injection is the 'OR 1=1' injection. As an example, let's say an application has a feature that lets you type in your username and, in return, shows you your password (there are several security reasons a feature like this should not exist, but let's just say it does). The SQL statement that feature uses to retrieve the password may look something like this:

<code sql>
SELECT password FROM users WHERE username='$username';
</code>

Normally the user would input his or her name, $username would hold that value, and the statement would look something like this:

<code sql>
SELECT password FROM users WHERE username='bob';
</code>

Now let's say I'm a hacker who wants the passwords of all the users in the system, but I'm not sure what their usernames are. As a hacker I could type in something like:

<code>
' OR '1' = '1
</code>

The leading quote closes the (empty) username string, changing the query that retrieves the password to:

<code sql>
SELECT password FROM users WHERE username='' OR '1' = '1';
</code>

Since '1' = '1' is always true, and a WHERE condition of the form A OR B is true whenever B is true, the condition matches every row and the statement returns every password in the database.

=== Batched SQL Statements ===

Another, more powerful form of SQL Injection uses batched SQL statements. This allows us to write full SQL statements that are then executed by the server, rather than being limited to modifying an existing statement.
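To make both mechanisms on this page concrete, the following is an added example, not code from the original page or from the sites it references, written in Python against a constructed in-memory database (the standard sqlite3 module, with made-up users). It places the page's string-concatenated password lookup next to a parameterized version, and does the same for a student INSERT of the kind the batched injection targets. Two assumptions are built in: Python's sqlite3 execute() refuses to run more than one statement, so the vulnerable INSERT goes through executescript() as a stand-in for a database server that accepts batched statements; and the injected student name ends in a SQL comment (the two dashes seen in the XKCD comic this section refers to) so that the leftover quote and parenthesis of the original statement are ignored.

```python
import sqlite3

# Constructed sample data, not from the original page.
SAMPLE_USERS = [("bob", "hunter2"), ("alice", "s3cret"), ("carol", "pa55word")]


def make_db():
    """Build a fresh in-memory database with a users table and a students table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE students (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_password_vulnerable(conn, username):
    """The page's lookup: user input is pasted straight into the SQL text."""
    query = f"SELECT password FROM users WHERE username='{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_password_safe(conn, username):
    """Same lookup with a bound parameter: the input is data, never SQL."""
    query = "SELECT password FROM users WHERE username=?"
    return [row[0] for row in conn.execute(query, (username,))]


def insert_student_vulnerable(conn, name):
    """Concatenated INSERT run through executescript(), which, like a server that
    accepts batched statements, executes every ';'-separated statement it is given.
    (sqlite3's execute() would refuse a second statement; executescript() is used
    here purely as a stand-in for such a server - an assumption of this example.)"""
    script = f"INSERT INTO students VALUES ('{name}');"
    conn.executescript(script)
    return script


def insert_student_safe(conn, name):
    """Parameterized INSERT: the whole name, semicolons and all, is stored as one value."""
    conn.execute("INSERT INTO students VALUES (?)", (name,))


def table_exists(conn, table):
    """True if a table of the given name is still present in the database."""
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name=?", (table,)
    ).fetchone()
    return row[0] == 1


def list_students(conn):
    """All names currently stored in the students table."""
    return [row[0] for row in conn.execute("SELECT name FROM students")]


if __name__ == "__main__":
    conn = make_db()
    print(lookup_password_vulnerable(conn, "bob"))            # ['hunter2']
    print(lookup_password_vulnerable(conn, "' OR '1' = '1"))  # every password
    print(lookup_password_safe(conn, "' OR '1' = '1"))        # []

    bobby = "Robert'); DROP TABLE students;--"
    conn = make_db()
    print(insert_student_vulnerable(conn, bobby))             # the batched script that ran
    print(table_exists(conn, "students"))                     # False: the table is gone
    conn = make_db()
    insert_student_safe(conn, bobby)
    print(table_exists(conn, "students"), list_students(conn))  # True, name stored verbatim
```

The parameterized functions are the mitigation: the driver sends the statement and the value separately, so the value cannot change the statement's structure no matter what it contains. A driver that refuses stacked statements (as sqlite3's execute() does) only blocks the second form of injection, not the first, which is why it is no substitute for bound parameters.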
Batched injection works by closing out all open quotes and other expected input in the existing statement, ending it with a ';', and then providing a new statement of the attacker's own design. Randall Munroe, the creator of XKCD, provides an excellent example in the comic below.

{{ :exploits_of_a_mom.png }}

The SQL statement in the school's program probably looks something like the following:

<code>
"INSERT INTO Students VALUES ('" + firstName + "','" + lastName + "');"
</code>

Thanks to the specific nature of little Bobby's name, the statement that the server runs is:

<code sql>
INSERT INTO Students VALUES('Robert'); DROP TABLE STUDENTS;
</code>

This causes the software to delete the entire Students table right after inserting Robert into it. It works because a semicolon ends one SQL statement, so a server that accepts batched statements executes whatever follows the semicolon as a second statement.

=== References ===

https://www.w3schools.com/sql/sql_injection.asp \\
https://appdividend.com/2019/07/18/sql-injection-example-what-is-sql-injection/ \\
https://www.xkcd.com/327/ \\
https://www.owasp.org/index.php/Blind_SQL_Injection \\