[&] What role does input sanitization play in second order SQL injection?
- It ensures that user inputs are securely stored in the database without modification
- It restricts access to certain database tables by enforcing access control
- It prevents malicious payloads from being stored or executed during subsequent operations
- It validates user credentials during the login process

[&] What distinguishes second order SQL injection from first order SQL injection?
- It only affects time-based SQL injections
- It executes the payload immediately upon injection
- It requires a direct connection to the database
- It stores the payload for later execution

[&] What is generally required for a second order SQL injection to take place?
- Direct user interaction with the database
- A vulnerable input field without immediate execution
- A backdoor in the web application
- Immediate detection of the payload

[&] Why might a second order SQL injection be less obvious to detect than a first order SQL injection?
- It only affects outdated databases
- It requires multiple users to execute
- The execution and impact are delayed
- The payload is always encrypted

[&] In a second order SQL injection attack, when is the malicious payload typically executed?
- When the database schema is altered
- When stored data is later used unsanitized in another query
- When the user logs in/out of the application
- Immediately upon submission of the injected payload

[&] In the context of second order SQL injection, what is the 'triggering phase'?
- When the attacker first injects the payload
- When the database is initially queried
- When the database executes the stored unsanitized data
- When the user logs out of the application