First of all, what is a SQL injection? Let’s look at an example from a hacker’s point of view.
A hacker whose nickname is Wasp is looking for a vulnerable site. He finds a site (vulnrbl.com) and goes to a page with pagination.
https://vulnrbl.com/articles?page=2&orderby=title
He changes “title” to “content” and notices that the order of the results changes: the articles are now sorted alphabetically by content instead of by title.
Perfect.
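What that observation implies on the server side, as an added example that is not code from the original page: a handler that pastes `orderby` into the `ORDER BY` clause, beside one that maps it through an allowlist. The `articles` schema, the function names and the sample rows are assumptions made for illustration.

```python
import sqlite3

PAGE_SIZE = 2

def make_db():
    # Constructed sample data; the schema is an assumption, not the real site's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, content TEXT)")
    db.executemany(
        "INSERT INTO articles (title, content) VALUES (?, ?)",
        [("Alpha", "zebra"), ("Bravo", "yak"), ("Charlie", "xenops"), ("Delta", "wolf")],
    )
    return db

def list_articles_vulnerable(db, page, orderby):
    # The request value becomes part of the SQL text, so the database parses
    # whatever the client sent. LIMIT/OFFSET are bound, but that does not help:
    # the sort expression is still client-controlled.
    sql = f"SELECT title FROM articles ORDER BY {orderby} LIMIT ? OFFSET ?"
    return [row[0] for row in db.execute(sql, (PAGE_SIZE, (page - 1) * PAGE_SIZE))]

# Column names cannot be bound as parameters, so the request value is only
# used as a lookup key; the SQL text is built from constants chosen here.
SORT_COLUMNS = {"title": "title", "content": "content"}

def list_articles_safe(db, page, orderby):
    column = SORT_COLUMNS.get(orderby)
    if column is None:
        raise ValueError("unsupported orderby value")
    if page < 1:
        raise ValueError("page must be >= 1")
    sql = f"SELECT title FROM articles ORDER BY {column} LIMIT ? OFFSET ?"
    return [row[0] for row in db.execute(sql, (PAGE_SIZE, (page - 1) * PAGE_SIZE))]

if __name__ == "__main__":
    db = make_db()
    print(list_articles_safe(db, 2, "title"))           # same request as the URL above
    print(list_articles_safe(db, 2, "content"))         # the changed request
    print(list_articles_vulnerable(db, 1, "id DESC"))   # SQL syntax is accepted as-is
    try:
        list_articles_safe(db, 1, "id DESC")
    except ValueError as exc:
        print("rejected:", exc)
```

Both versions return the same pages for `title` and `content`; they differ only in what happens to a value the developer never listed.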