What's a SQL injection attack?

18.03.2009

The Web application issues this command, which always returns a valid username because the extra clause, 't'='t', is always true.

statement = SELECT * FROM users WHERE name = 'a' OR 't'='t';

There are well-documented techniques that can prevent SQL injection attacks. Or you could hire IBM, which is the unwritten point of the USA Today article. Either way, preventing SQL injection attacks is a must for stopping identity theft, the hijacking of servers to make them spambots, and the further spread of such malware.
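The following is an added example, not code from the original post. It builds the statement shown above by string concatenation, then runs the same lookup as a parameterized query, one of the standard defenses. The in-memory SQLite table, its sample rows, and the function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data: an in-memory "users" table like the one in the query above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db


def lookup_concatenated(db, name):
    # Vulnerable: the input is pasted into the SQL text, so a quote in the
    # input closes the string literal and the rest is parsed as SQL.
    statement = "SELECT * FROM users WHERE name = '" + name + "';"
    return statement, db.execute(statement).fetchall()


def lookup_parameterized(db, name):
    # Hardened: the value is bound to the ? placeholder and is only ever
    # compared as data; it never becomes part of the SQL text.
    return db.execute("SELECT * FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "a' OR 't'='t"  # the input that yields the statement in the post

    statement, rows = lookup_concatenated(db, crafted)
    print(statement)                   # the exact statement from the post
    print("concatenated:", len(rows))  # every row matches

    print("parameterized:", lookup_parameterized(db, crafted))  # no user has that name
    print("legitimate:", lookup_parameterized(db, "alice"))
```

With the bound parameter, the whole crafted string is treated as a single name to match, so the 't'='t' clause never reaches the SQL parser.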