What is SQL injection and how to save website

A large number of websites are vulnerable to SQL injection attacks, I must say that its just the fault of the website admin, Who has designed it. I am going to discuss here that what is SQL injection and how it is accomplished. Now-a-days, many noobs find an SQL error in database by automated scanners and just exploit it for fun. But that is not a good act. Even i haven't used my skills for any bad purpose. This post is about those people who don't know that their website is actually vulnerable to such attack, also i am going to tell you that how its done and how to catch this vulnerability.Due to such vulnerability a Hacker can gain access to your website within a minute, Yes its true.

What is SQL Injection?
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
In simple words I must say that hacker injects certain characters in the admin authentication area and gains access as admin.

How do exploiters perform basic SQL injection?
Google is very helping in hacking, due to dork technique, Now you will think that what is dork?
Dork: A search enquiry to find a website specific to an attack type etc.
Common exploiters use these few dorks are below, which are used to find, vulnerable site:
These dorks are pasted in the search bar of google.com. and then searched to find the website.

After finding the required target, injection is accomplished, like in the login fields of admin, as password following injections are inserted (there can be combination of other injections/vulnerability. used by the hackers, this is just a small example for educational purposes):
' or '1'='1
' or 'x'='x
Any website with SQL vulnerability will allow the exploiter to login with the required injection combinations.

What you should do as webmaster or ethical hacker?

You should check your website if it's vulnerable to SQL injection. In that case simply update your database. In case you find a website which is vulnerable just contact the webmaster and tell them of the vulnerability.  

That was just a simple tutorial to give you basic information of SQL injection. There are more advanced techniques too.

How to check that your website is vulnerable?

Well, After reading the basics above you might have got the concept of SQL injection. But many tools are also available to scan your website or server for such errors in database, Note, When error occurs it means that website is vulnerable.

First Method:

Here is an online scanner:
For example, If you want to scan, www.website-wamiq.com then put this in scanner bar:
If you get:
http://www.website-wamiq.com/product.php?id='3 <== Success
Then it means that website is vulnerable and can be exploited easily by getting the number of colums.

Second Method:

Here is an automated scanner, Which is for newbies, Just click scan and take rest.
Go to this link to get detailed information on how to find SQL vulnerability in website.
To get Acunetix vulnerability scanner Trial version go here.

Hope, Now you might be aware of SQL injections. Futher information will be posted later.