This paper's goal is to study, analyse and educate in cybersecurity, with a primary focus on SQL injection attacks. The study briefly goes over what a normal SQL statement is supposed to look like when sent from a web page to a database, and how an intruder can manipulate input fields in order to tamper with and destroy data in the database. After this, we analyse what makes a prepared statement one of the preferred defenses against SQL injection attacks, and how prepared statements work as a bridge between web pages and the database in order to prevent SQL injections. Lastly, we interview three different people with varied backgrounds in programming and web development to consider their opinions regarding SQL, SQL attacks and prepared statements as a defense.