Too Long; Didn't Read
Hackers can maliciously pass commands through the Web app for execution by a backend database. Many data breaches are due to SQL injection. Hackers use a simple string called a Magical String, for example: username: admin; password: anything 'or'1'='1; password=anything results in FALSE, but '1' is a TRUE statement and hence returns a true value. Just due to a single quote (') in the input string is replaced with double quotes ("), and due to (2) before every (') it adds (/). The revised magical string fails to bypass the authentication, and your database stays secure.