Many applications, especially Web-based ones, use databases to store user data. By using the information and techniques presented in this chapter, you should be able to identify places where your application uses user-supplied data and how you might be able to break out of a SQL statement to cause a SQL injection bug. From an attackers perspective, SQL injection bugs are a prime target because they can lead to all types of attacks, such as database manipulation and system command execution. Also, injection bugs arent just limited to SQL: several other technologies have similar vulnerabilities if they allow malicious input to alter the logic of the application.