SQLi
Test SQL Queries
Insert Test Data
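-- Create the `users` table used as the target of the login-style test queries.
-- Identifiers are quoted with backticks: in MySQL single quotes denote string
-- literals, so CREATE TABLE 'users' is rejected as a syntax error.
-- NOTE: `password` holds plaintext only because this is lab data; a real schema
-- stores a salted password hash, never the password itself.
CREATE TABLE `users` (
    `id` int NOT NULL AUTO_INCREMENT,   -- surrogate key assigned by the server
    `username` varchar(50) NOT NULL,
    `password` varchar(50) NOT NULL,    -- plaintext lab credential (see note above)
    `role` varchar(20) NOT NULL,        -- free-text role label, e.g. 'admin' or 'user'
    PRIMARY KEY (`id`)
);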
-- Seed `users` with one admin and one regular account (lab credentials only).
-- `id` is omitted so AUTO_INCREMENT assigns it.
INSERT INTO `users`
    (`username`, `password`, `role`)
VALUES
    ('Jessamy', 'password123', 'admin'),
    ('Jeremy',  'qwerty',      'user');
-- Catalogue fixture: the table the boolean and time-delay examples query.
CREATE TABLE `products` (
    `id`          INT            NOT NULL AUTO_INCREMENT PRIMARY KEY,
    `name`        VARCHAR(100)   NOT NULL,
    `description` TEXT,                       -- optional; NULL is allowed
    `price`       DECIMAL(10, 2) NOT NULL     -- exact decimal, two fractional digits
);
-- Seed `products` with three sample rows; `id` is left to AUTO_INCREMENT.
INSERT INTO `products`
    (`name`, `description`, `price`)
VALUES
    ('Laptop',       '15-inch laptop with 8GB RAM',       1200.00),
    ('Smartphone',   'Latest model with 5.7-inch screen', 299.99),
    ('Coffee Maker', 'Brews coffee and has a timer',      49.99);
Test Queries
-- Simple SQL statements
-- SELECT * FROM users;
-- SELECT * FROM users WHERE username = 'Jessamy';
-- SELECT * FROM users WHERE username = 'Jessamy' and password = 'password123';
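-- In the next statement the `-- ` (dash, dash, space) after the closing quote starts a comment,
-- so the password condition is never evaluated:
-- SELECT * FROM users WHERE username = 'Jessamy'-- ' and password = 'password123';
-- With a prepared statement and bound parameters the whole username value stays data,
-- so a comment marker inside it cannot cut off the rest of the query.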
--
-- Substring
-- SELECT database()
-- SELECT substring(database(),1,1)
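-- Booleans: an always-true condition (1=1) keeps the row and an always-false one (1=2) removes it;
-- the difference between the two results is the true/false signal.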
-- SELECT * FROM products WHERE name = 'Laptop' AND 1=1;
-- SELECT * FROM products WHERE name = 'Laptop' AND 1=2;
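-- Time delays: the answer is read from how long the statement takes, not from the rows it returns.
-- Detection note: SLEEP() in statements issued by an application account is a strong log/WAF signal.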
-- SELECT * FROM products WHERE name = 'Laptop' AND SLEEP(5);
-- Time delay substring
-- SELECT database()
-- SELECT IF(1=1,SLEEP(5),'a')
-- SELECT IF(SUBSTRING((SELECT database()),1,1)='a',SLEEP(5),'a')
-- SELECT IF(SUBSTRING((SELECT database()),1,1)='t',SLEEP(5),'a')
-- SELECT * FROM products WHERE name = 'Laptop' AND IF(1=1,SLEEP(5),'a')
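-- Errors: the scalar subquery on information_schema.tables returns more than one row, so the
-- statement is meant to fail only when the IF condition is true; whether it errors is the signal.
-- Hiding error text from the client does not close this channel; parameterized queries do.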
-- SELECT IF(SUBSTRING((SELECT database()),1,1)='a',(SELECT table_name FROM information_schema.tables),'a')
-- SELECT IF(SUBSTRING((SELECT database()),1,1)='t',(SELECT table_name FROM information_schema.tables),'a')