SQL Manipulation: A manipulation attack, which is the most common type of injection attack, changes an SQL command in the application$$for example, by adding conditions to the WHERE$-$clause of a query, or by expanding a query with additional query components using set operations such as UNION, INTERSECT, or MINUS. Other types of manipulation attacks are also possible. A typical manipulation attack occurs during database login$.$ For example, suppose that a simplistic authentication procedure issues the following query and checks to see if any rows were returned:

SELECT $*$ FROM users WHERE username $=$ 'jake$$ and PASSWORD $=$jakespasswd$$ ;

Now, assume that the following SQL statement is executed where Jane Doe $($a user$)$ manipulates the SQL statement as follows $($e$.$g$.$ via a web form or external view$)$:

SELECT $*$ FROM users WHERE username $=$jake$$ and $($PASSWORD $=$jakespasswd$$ or $$x$=$x$)$ ;

If Jane Doe know that 'jake' is a valid login of some user who is able to log into the database system as 'jake' without knowing his password, do you think that Jane Doe might be able to do everything that 'jake' may be authorized to do to the database system in this case