The following query return all the passwords in the table tbl_user but I can not understand why this is happening. Please help me to understand this part of the query: ‘admin’ OR 1=1 — ‘ Can you introduce other threats like this (website, book, etc)? Answer This is a classic SQL injection. See this fiddle while I explain it: SQLfiddle