> For the complete documentation index, see [llms.txt](https://dotnetweb30-ke.gitbook.io/ke/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://dotnetweb30-ke.gitbook.io/ke/design/security/protecting-against-sql-injection-attacks.md).

# Protecting against SQL-injection attacks

{% hint style="success" %}
A successful **SQL injection attack** enables a malicious user to execute commands in your application's database by using the privileges granted to your application's login.
{% endhint %}

Common vulnerabilities that make your data access code susceptible to SQL injection attacks include:

* Weak input validation.
* Dynamic construction of SQL statements without the use of type-safe parameters.
* Use of over-privileged database logins.
