Use the raw slides from L20(pdf) before lecture to take notes on the SQL portion. We will finish the SQL unit we started in L20. The material here will help you with crafting a sql injection attack in Project 6.

Summary

Basic SQL commands like CREATE, INSERT, UPDATE, SELECT
How to filter results using WHERE
How to join results using UNION
The basic idea behind sql injection
Examples

Demonstrations

Here are some screencasts of the basic sql demonstration. The lecture video will include some more advanced commands and walk through the attacks on the bad.py program.

L21: SQL Vulnerabilities

Summary

Demonstrations

Basic commands with `sqlite3`:

UNION and other commands with `sqlite3`:

L21: SQL Vulnerabilities

Summary

Demonstrations

Basic commands with sqlite3:

UNION and other commands with sqlite3:

Basic commands with `sqlite3`:

UNION and other commands with `sqlite3`: