SQL injection means that the web application does not judge the legality of the data input by users or the filtering is not strict. Attackers can add extra SQL statements at the end of predefined query statements in web applications, and realize illegal operations without the knowledge of administrators, thus deceiving the database server into making unauthorized and arbitrary queries and obtaining corresponding data information.