SQL Injection

SQL injection allows attackers to inject arbitrary scripts into SQL queries. This gives the attacker the ability to read, insert new data , or alter existing data in your database. To avoid this, never build queries by string concatenation, instead use API calls. Here is the link to the official OWASP site for this topic.