I would like to give a presentation about SQL injection-based intrusions and the options we have for protecting our applications, covering everything from the very beginning to stealing the entire database. The demonstration contains the well-known authentication bypass and many other interesting things, for example how to protect our queries by escaping the quotes and how that protection can be bypassed. In another example, I will show how to get sensitive information from the database, for example the users’ passwords or the database’s root password. In the final stage, I will propose some defensive approaches which could protect your application and database against these vulnerabilities. I would like to say a few words about prepared statements, stored procedures and the various intrusion detection systems.