In part two of our three lesson web block, we focus on SQL injection as way to undermine the integrity of back-end database systems. SQL injection is a code injection technique that exploits a security vulnerability occurring at interface between the web front-end and the database back-end. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. Many web pages take parameters from web user, and make SQL queries to a database. SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else. In this lab, we'll exploit SQL injection.