SQL · query · ~10 mins

How SQL injection exploits queries - Interactive Practice

Practice - 5 Tasks
Answer the questions below
Task 1 (fill in the blank, easy)

Complete the query to select a user's row by username with a value that does not change the query's meaning.

SQL
SELECT * FROM users WHERE username = '[1]';

Options:
A. password
B. admin' OR '1'='1
C. admin
D. guest
Common Mistakes
Using input like 'admin' OR '1'='1' which changes the query meaning.
Task 2 (fill in the blank, medium)

Complete the query so that it uses a parameter placeholder instead of embedding the user's input.

SQL
SELECT * FROM users WHERE username = [1];

Options:
A. 'admin' OR '1'='1'
B. username
C. admin
D. ?
Common Mistakes
Putting user input directly into the query string.
Task 3 (fill in the blank, hard)

Choose the value that does not turn the query into an injection.

SQL
SELECT * FROM users WHERE username = '[1]';

Options:
A. admin
B. admin' OR '1'='1
C. admin'; DROP TABLE users; --
D. guest
Common Mistakes
Using input that ends the string and adds malicious SQL.
Task 4 (fill in the blank, hard)

Fill both blanks so that username and password are checked through parameters.

SQL
SELECT * FROM users WHERE username = [1] AND password = [2];

Options:
A. ?
B. ' OR '1'='1
C. :password
D. admin
Common Mistakes
Putting raw input directly into the query string.
Task 5 (fill in the blank, hard)

Fill all three blanks to build a safe query that filters users by role, status and active flag.

SQL
SELECT * FROM users WHERE role = [1] AND status = [2] AND active = [3];

Options:
A. ?
B. 'admin'
C. 1
D. TRUE
Common Mistakes
Putting user input directly without placeholders.
Using unquoted strings for string values.
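All five tasks turn on one distinction: text spliced into the SQL string is parsed as SQL, while a bound parameter is only ever a value. The following is an added example, not part of this practice page, using Python's sqlite3 module and a constructed in-memory users table. It runs the task 1, 3 and 4 payloads against a string-built query and against the placeholder forms (positional `?` and named `:password`), and shows the task 5 pattern of binding string and integer values alike. The function names, table layout and sample rows are this example's own.

```python
import sqlite3

# Constructed sample data (not from the page): username, password, role, active.
SAMPLE_USERS = [
    ("admin", "s3cret", "admin", 1),
    ("guest", "guest", "user", 1),
    ("olduser", "x", "user", 0),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, password TEXT, role TEXT, active INTEGER)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """The 'common mistake' from tasks 1, 3 and 4: input spliced into the query text.

    A quote in the input closes the string literal, so the rest of the input is
    parsed as SQL (e.g. OR '1'='1').
    """
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Task 2/4 fix: positional ? placeholders. The driver binds the values, so a
    quote in the input is compared as data and never reaches the SQL parser."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def login_safe_named(conn, username, password):
    """Same fix with named placeholders (:username / :password), as in task 4."""
    sql = (
        "SELECT username FROM users WHERE username = :username "
        "AND password = :password"
    )
    return [
        row[0]
        for row in conn.execute(sql, {"username": username, "password": password})
    ]


def stacked_query_attempt(conn, username):
    """Task 3 payload: close the string, append a statement, comment out the rest.

    Returns (driver_refused, table_still_exists). Python's sqlite3 refuses to run
    more than one statement per execute() call, so this payload fails here; on a
    driver or database that accepts stacked statements it would drop the table.
    """
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = 'x'"
    )
    refused = False
    try:
        conn.execute(sql)
    except (sqlite3.Error, sqlite3.Warning):
        refused = True
    exists = (
        conn.execute(
            "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = 'users'"
        ).fetchone()[0]
        == 1
    )
    return refused, exists


def filter_users_safe(conn, role, active):
    """Task 5 pattern: every comparison value, string or integer, is bound through a
    placeholder; quoting is the driver's job, not the query author's."""
    sql = "SELECT username FROM users WHERE role = ? AND active = ?"
    return [row[0] for row in conn.execute(sql, (role, active))]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, task 1 payload:", login_vulnerable(db, "admin' OR '1'='1", "wrong"))
    print("vulnerable, task 4 payload:", login_vulnerable(db, "nobody", "' OR '1'='1"))
    print("safe, task 1 payload:     ", login_safe(db, "admin' OR '1'='1", "wrong"))
    print("safe, task 4 payload:     ", login_safe_named(db, "nobody", "' OR '1'='1"))
    print("stacked payload (refused, table exists):",
          stacked_query_attempt(db, "admin'; DROP TABLE users; --"))
    print("active users with role 'user':", filter_users_safe(db, "user", 1))
```

With the vulnerable query, username `admin' OR '1'='1` logs in as admin with any password, and password `' OR '1'='1` returns every row. The placeholder versions return nothing for the same input because the quote characters are compared as part of the value. sqlite3's `execute()` also rejects the stacked `DROP TABLE` payload outright, but that is a property of this driver, not a defence; binding the parameters is what makes the outcome independent of the driver.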