SQL injection

An SQL injection attack is an attack in which the execution of an SQL query is altered to suit the needs of an attacker. A web application might interact with a database at the backend, and it might take user inputs that form parameters or part of the SQL query that is executed to insert, delete, update, or retrieve data from the database tables. In this case, the developer must take the utmost care not to pass user-supplied parameters directly to the backend database system, as this may lead to SQL injection. The developer must make sure to use parameterized queries. Let's assume that we have a login page on the application that takes a username and a password from the user and passes this information to the backend SQL query as: select * from users where email ='"+request.POST['email']+"' and password ='"+request.POST['password']+"'".

The logic written in the application would check whether the query returns any rows. If it does, the user is considered legitimate and a valid session is assigned to them; otherwise an error message showing Invalid credentials is displayed.

Let's say a user enters their email address as [email protected] and their password as admin@123; in that case the query that will get executed at the backend will be the following: select * from users where email ='[email protected]' and password ='admin@123'.

However, if the user enters the email as [email protected]' or '1'='1 and their password as hacker' or '1'='1, the query that will be executed at the backend will become: select * from users where email ='[email protected]' or '1'='1' and password ='hacker' or '1'='1'.

Because '1'='1' is always true, the query now returns every row in the users table. Therefore, the first record of the dataset returned will be considered as the user who is trying to log in, resulting in the authentication being bypassed because of SQL injection.
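To make the difference between the two query-building styles concrete, the following is an added example (not code from the book) that puts the page's concatenated login query beside the parameterized form the text recommends, runs both against a constructed in-memory SQLite table, and feeds each the page's injected values. The table contents and the example.com addresses are constructed; the table and column names follow the query quoted above.

```python
import sqlite3

# Constructed sample rows (assumption: the page does not give the table contents).
SAMPLE_USERS = [
    ("alice@example.com", "admin@123"),
    ("bob@example.com", "s3cret"),
]


def build_db():
    """In-memory stand-in for the application's backend database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, email, password):
    """The page's pattern: user input concatenated straight into the SQL text.

    Returns the email of the first matching row, or None when no row matches.
    """
    sql = ("select * from users where email ='" + email +
           "' and password ='" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, email, password):
    """Hardened form: placeholders bind the input as data, so a quote in the
    input can never terminate the string literal or add a condition."""
    sql = "select * from users where email = ? and password = ?"
    row = conn.execute(sql, (email, password)).fetchone()
    return row[0] if row else None


def demo():
    """Run both login functions with a legitimate pair and with the page's injected pair."""
    conn = build_db()
    good = ("alice@example.com", "admin@123")
    # The page's injected values. The email here does not exist in the table, so any
    # successful login with it can only come from the injected "or '1'='1" clause.
    injected = ("nobody@example.com' or '1'='1", "hacker' or '1'='1")
    return {
        "vuln_good": login_vulnerable(conn, *good),          # legitimate user is found
        "vuln_injected": login_vulnerable(conn, *injected),  # first row returned: bypass
        "param_good": login_parameterized(conn, *good),      # legitimate user is found
        "param_injected": login_parameterized(conn, *injected),  # None: no bypass
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

Run it and compare the two injected results: the concatenated query hands back the first user in the table, which is exactly the bypass described above, while the parameterized query treats the whole input as one literal email string and finds nothing.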
