
SQL Injection

Login function module: User Authentication.

Input: User ID and password
SQL: select * from admin where user_id = 'admin' and password='****'


Normal situation: The query returns true when authentication succeeds; otherwise it returns false and authentication fails.

Example of SQL injection:
SQL: select * from admin where user_id = 'admin' and password='random number' or '1' = '1'

The query always returns true because of '1' = '1', even when the password is wrong. The injected condition therefore bypasses the user authentication function.
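The login check above, as an added example that is not code from the original post: it builds the page's query by string concatenation and then with bound parameters, so the same input can be compared in both. The function names, the in-memory SQLite database and the sample password are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one row in the page's admin table.
    # The password is stored in plaintext only to mirror the page's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (user_id TEXT, password TEXT)")
    db.execute("INSERT INTO admin VALUES ('admin', 's3cret-sample')")
    return db

def login_vulnerable(db, user_id, password):
    # Input is pasted into the SQL text, so a quote inside it changes
    # the structure of the WHERE clause.
    sql = ("select * from admin where user_id = '" + user_id +
           "' and password='" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, user_id, password):
    # Placeholders keep input as data: the quote is compared literally
    # against the stored value and is never parsed as SQL.
    sql = "select * from admin where user_id = ? and password = ?"
    return db.execute(sql, (user_id, password)).fetchone() is not None

# The password value that produces the page's example query.
INJECTED = "random number' or '1' = '1"

if __name__ == "__main__":
    db = make_db()
    for label, check in (("concatenated", login_vulnerable),
                         ("parameterized", login_parameterized)):
        print(label,
              "| correct password:", check(db, "admin", "s3cret-sample"),
              "| wrong password:", check(db, "admin", "guess"),
              "| page's input:", check(db, "admin", INJECTED))
```

Because AND binds tighter than OR, the concatenated query reads as (user_id match AND password match) OR '1' = '1', which is why every row is returned.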

 
 
 


Created by @Maniesh Neupane 
