Hackers typically employ codes to gain access to a system and exploit its vulnerabilities. SQL injection is one of the techniques that they employ to inject code and destroy a target database. Security studies reveal that SQL injection is one of the most widely used web hacking techniques. Specifically, it involves the placement of malicious codes in SQL statements through web page inputs. An SQL injection happens when organisations request user inputs, such as usernames and passwords, but instead, an SQL statement is issued and unknowingly run on the database. Through injecting such codes, hackers can gain access to sensitive information.