When the SQL statement is written as a string in the application code rather than stored in the database as a stored procedure, it is referred to as “inline SQL”. The usual way to produce it is to build the query by concatenating strings, including values that arrive from the front end. Inline SQL built this way hands control of the statement to whoever supplies the input, which is exactly what SQL injection exploits. The outcome can be catastrophic for the server, including a massive data breach. Note that the problem is not where the statement lives but that untrusted input is spliced into its text: inline SQL that passes values as bound parameters is not exposed in this way.
The code below is an example of this inline structure.
Here user_id is taken straight from the textbox and concatenated into the query. Because the value is interpreted as SQL rather than as data, an attacker can rewrite the WHERE clause (for example by supplying 0 OR 1=1 instead of a number) and read rows they should never see. Using this query with SQLi, an attacker could potentially gain access to the administrator’s credentials.
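The following is an added example, not code from the original page, showing the concatenated lookup described above next to the same query written with a bound parameter. The table, its rows and the function names are constructed for the demonstration; it uses Python's standard sqlite3 module so it runs offline.

```python
import sqlite3

# Constructed sample data for this example (not from the original page).
# The admin row is the one an injection payload is typically after.
SEED_ROWS = [
    (1, "alice", "user", "hash_alice"),
    (2, "bob", "user", "hash_bob"),
    (3, "admin", "admin", "hash_admin"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "role TEXT, password_hash TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SEED_ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    """Inline SQL built by string concatenation.

    The user_id taken from the textbox becomes part of the SQL grammar,
    so whoever controls it controls the WHERE clause.
    """
    query = (
        "SELECT username, role, password_hash FROM users WHERE id = " + user_id
    )
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, user_id: str) -> list:
    """The same inline query with a bound parameter.

    The driver sends the value separately from the statement text, so the
    input is compared as data and can never alter the statement's structure.
    """
    query = "SELECT username, role, password_hash FROM users WHERE id = ?"
    return conn.execute(query, (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed attacker input: the textbox value is not a number but a
    # fragment that rewrites the WHERE clause to select the admin row.
    payload = "0 OR role = 'admin'"
    print("concatenated :", lookup_vulnerable(db, payload))
    print("parameterized:", lookup_parameterized(db, payload))
```

Running the script prints the admin's credentials for the concatenated version and an empty result for the parameterized one, because SQLite compares the bound text against the integer id column as a value rather than executing it. Binding parameters is the fix; validating that user_id is actually an integer before the query is built is a sensible extra layer, not a substitute.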