# SQL Injection

SQL injection is one of the most dangerous exploits that an application can be subject to. An SQL injection can be the gateway for a hacker not only to get information out of the system, but also to bypass authentication, reveal internal schemas, execute commands, and even take control of the system.

One of the first steps in evaluating whether an application is susceptible to SQL injection is to test whether any of its fields accept a single quote and return an error directly from the database.
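Why a single quote produces a database error, shown as an added example that is not part of the original page: the same lookup is written once with string concatenation and once with a bound parameter, and a name containing a quote is passed to both. It uses Python's `sqlite3` module; the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed in-memory table; names and rows are sample data for this example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("o'brien",)])
    return conn

def lookup_concatenated(conn, name):
    # Vulnerable pattern: the input becomes part of the SQL text itself,
    # so a quote in the value ends the string literal early.
    query = "SELECT id FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, name):
    # Hardened pattern: the input is bound as data and never parsed as SQL.
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def quote_probe(lookup, conn, value="o'brien"):
    """Return 'db-error' if a value containing a single quote breaks the query, else 'ok'."""
    try:
        lookup(conn, value)
        return "ok"
    except sqlite3.Error:
        # In a real application this is the error that must not reach the client.
        return "db-error"

if __name__ == "__main__":
    conn = make_db()
    print("concatenated: ", quote_probe(lookup_concatenated, conn))
    print("parameterized:", quote_probe(lookup_parameterized, conn))
    print("rows:", lookup_parameterized(conn, "o'brien"))
```

The concatenated lookup fails on a perfectly legitimate surname, which is the same signal the single-quote test looks for; the parameterized lookup returns the matching row.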


