Why You Should Spend More Time Thinking About SQL In...An attacker must first identify insecure user inputs inside the web page or web framework before launching a SQL Injection attack. An SQL Injection attack affects a web page or web application that uses user feedback explicitly in a SQL query.