The basics of SQL Injection
Created: March 9, 2026 | Last Edited: June 23, 2026
SQL Injection is a class of vulnerability in which input controlled by an attacker ends up inside the text of a SQL statement, so the attacker can change what the statement does and read or modify data in the database (or, depending on the database and the account's privileges, worse). It is severe and must be avoided. Web frameworks like Django provide guardrails: the Django ORM parameterizes the queries it builds, so ordinary QuerySet calls are not injectable. You still have to be careful and follow secure coding principles, because those guardrails only hold while you use them. Building SQL with string concatenation or formatting, whether in a framework's raw-query escape hatch or in plain driver code, reopens the hole. Never trust user input! The reliable defense is to keep data out of the SQL text entirely with parameterized queries (prepared statements), using either the tools your framework or library provides or the database driver's own placeholder syntax. Escaping or "sanitizing" input by hand is a fallback, not a substitute: it is easy to get wrong and depends on the exact database and character encoding in use.
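To make the difference concrete, here is an added example (written for this post, not code from the original) that builds a tiny in-memory SQLite database with constructed sample rows and runs the same lookup two ways: once with the input concatenated into the SQL text, and once with a driver placeholder. The table, usernames and the `x' OR '1'='1` payload are all assumptions for the demo.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data for the demo: three users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Deliberately vulnerable: the caller's string becomes part of the SQL text,
    # so a quote in the input ends the literal and the rest is parsed as SQL.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # Parameterized: the SQL text is fixed and the value travels separately,
    # so the input is only ever compared as data and cannot alter the statement.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo() -> dict:
    """Run both lookups with a normal username and with an injection payload."""
    conn = make_db()
    payload = "x' OR '1'='1"  # assumed attacker input for the demo
    return {
        # Vulnerable query becomes:
        #   ... WHERE username = 'x' OR '1'='1'   -> matches every row
        "normal_vuln": find_user_vulnerable(conn, "bob"),
        "payload_vuln": find_user_vulnerable(conn, payload),
        # Safe query looks for a user literally named "x' OR '1'='1" -> no rows
        "normal_safe": find_user_safe(conn, "bob"),
        "payload_safe": find_user_safe(conn, payload),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The vulnerable version returns all three users, admin included, for the payload; the parameterized version returns nothing, because the driver never lets the input change the structure of the statement. Django's ORM does the same thing for you under the hood, and `Manager.raw()` accepts a `params` argument for the same reason; the mistake to avoid is formatting user input into the string you hand to `raw()` or to a cursor.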