SQL Injection
{1} Input Validation
"An attacker provides the db/application with malformed data. It uses the data to build a SQL statement using string concatenation. This allows the attacker to change the semantics of the SQL query [Howard]"
SELECT CustName FROM Customers
WHERE ID = 1; DELETE FROM Customers
WHERE 1 = 1