SQL injection attacks often happen when applications don't screen/validate user input before they send it to a database. If a user can send commands to the database, and the database executes these ...