This document provides an overview of SQL injection (SQLi), including what it is, how to detect and exploit it, and how to prevent it. SQLi allows attackers to interfere with an application's SQL queries and extract data by inserting malicious SQL code. It can be used to bypass authentication, obtain sensitive information, alter or delete database content, and execute remote commands. The document outlines manual and automated testing techniques for detecting SQLi vulnerabilities and covers tools such as sqlmap for exploiting them. It also discusses prevention best practices.