Injection vulnerabilities are among the most serious flaws endangering Web applications. Though injection attacks come in a variety of forms, from operating system command injection to LDAP injection, SQL injection is among the most likely choices for attackers. SQL injection occurs when SQL code is entered into a Web form input box. Many sites don't check that user-supplied data is valid before using it to generate a SQL query, which allows attackers to submit malicious SQL queries directly to the database. To prevent injection attacks, Web applications must be configured to assume that all external data comes from an untrusted source, and all user-supplied data must be validated.