Second-order SQLi

First-order SQL injection happens when the application directly processes user input from an HTTP request and inserts it into a SQL query without proper validation or escaping, allowing an attacker to manipulate the query.

Second-order SQL injection occurs when user input is stored in the database (often safely), but later retrieved and used in a SQL query unsafely. The vulnerability doesn't appear when the input is stored, but it surfaces later when the data is used in another request. This typically happens when developers assume the stored data is safe, failing to properly validate it before using it in a query.