SQL injection occurs when user-supplied input is not escaped properly when it is inserted into an SQL statement. Since single quotes (') are used to delimit string literals, proper handling is ...