sql.injection.lab

basic string concatenation vulnerability

-- Vulnerable SQL Query

SELECT * FROM users
WHERE email = '(input)'
AND password = '(input)'

User input is directly concatenated into the SQL string

No query executed yet

No database response yet

No application logs yet

This is a controlled environment for educational purposes.

Real applications should use parameterized queries to prevent SQL injection.

Target: Secure Bank Login