SQL injection inserts a code fragment that makes a database statement universally true, like _.