SQL query (~10 mins)

How string concatenation creates vulnerabilities in SQL - Interactive Practice

Practice - 5 Tasks
Answer the questions below
1. Fill in the blank (easy)

Complete the code to safely select a user by ID using string concatenation.

SQL
SELECT * FROM users WHERE id = '[1]';
A. user_input
B. DROP TABLE users
C. 42
D. 1 OR 1=1
Common Mistakes
Using raw user input directly in the query.
Including SQL commands in the input.
2. Fill in the blank (medium)

Complete the code to demonstrate a vulnerable query using string concatenation.

SQL
query = "SELECT * FROM users WHERE username = '" + [1] + "';"
A. user_input
B. admin
C. safe_username
D. constant
Common Mistakes
Using safe or constant strings instead of user input.
Not understanding where the input comes from.
3. Fill in the blank (hard)

Fix the error in the vulnerable query by replacing the blank with the correct safe method.

SQL
cursor.execute("SELECT * FROM users WHERE username = %s", ([1],))
A. user_input
B. "user_input"
C. user_input + "' OR '1'='1"
D. user_input; DROP TABLE users
Common Mistakes
Passing raw strings with SQL code inside.
Not using parameter placeholders.
4. Fill in the blank (hard)

Fill both blanks to create a safe query using parameterized inputs.

SQL
query = "SELECT * FROM users WHERE username = [1] AND password = [2]"
A. %s
B. "user_input"
C. '%s'
D. user_input
Common Mistakes
Using quotes around placeholders incorrectly.
Embedding user input directly.
5. Fill in the blank (hard)

Fill all three blanks to safely execute a query with parameters.

SQL
cursor.execute("SELECT * FROM users WHERE username = [1] AND password = [2]", ([3], user_password))
A. %s
B. user_name
D. '%s'
Common Mistakes
Using quotes around %s placeholders.
Passing raw strings instead of variables.