The amount of data stored in organisational databases has grown rapidly in recent years due to the advancement of information technology. A high percentage of this data is sensitive, private and critical to those organisations, their clients, suppliers and partners.
Therefore, databases are usually installed behind internal firewalls, protected with intrusion detection mechanisms and accessed only by applications. To access a database, users have to connect to one of these applications and submit queries through them to the database. The threat to databases arises when these applications do not behave properly and construct these queries without sanitising user inputs first.