What is the main security problem with meta-characters, when a dynamic web applications pass data to a subsystem?

Any database server based on SQL will need to have quotes escaped in string constants.

The hyphens are not the main root of problem in SQL injection attack.

If a program run an external command using operating system, the risk of which attack is more probably increased?

All the following methods are useful to reduce the risk of Shell Command Injection, except:

An attacker entered this input as email address when registering in a system. What attack he intend to perform?

An attacker can modify queries that are sent to a database by playing with input to the web application. It describes ...