Glossary · Term

SQL injection

← all terms

Definition

Plain language

A classic web security flaw where an attacker sneaks database commands into ordinary user input.

As stated in the literature

A vulnerability class where user-controlled input is concatenated into SQL queries without sanitization, allowing attackers to execute arbitrary database commands.

Why it matters: It's been one of the most common and dangerous web vulnerabilities for decades, and AI agents writing or reviewing code need to spot the pattern reliably.

For example, a login form that pastes the username directly into a query can be tricked by entering `' OR '1'='1` to log in as anyone.

Heard on the show

“… produced confident, well-structured answers about whether a particular code path was safe from SQL injection — and they were wrong, because the facts they were reasoning from had been quietly edited two …”
Episode 039 — When Smarter Agents Get Fooled by Three Extra Nodes in a Database

Mentioned in 2 episodes

  1. 093
    A Calibrated Knob for Weak-to-Strong AI Oversight, Tested on Real Code
  2. 039
    When Smarter Agents Get Fooled by Three Extra Nodes in a Database