SQL Injection, also commony referred to as “SQLi” in a recent report was referenced as the root cause in 80% of all retail breaches (reference pending).
In the XKCD coming titled “Exploits of a Mother” a mother famously names her child “Robert ‘); DROP TABLE Students;–“ then has to explain to the school why the data is missing from their database.
In the YouTube video Javvad explains SQL Injection in plain English in a way only he can using a clever mash-up of neuro-linguistics and hilarious vignettes. It’s definitely worth the watch.
There are lots of references on the web on how to mitigate SQL Injection. If you are interested in this go straight to the OWASP SQL Injection Cheat Sheet for everything you need.