
SQL injection interactive tutorial using SQL.js - inglor
https://github.com/benjamingr/pizzahack
======
orf
Very interesting idea, but I don't think the example application is a good
tutorial at all.

When teaching people SQLi the whole 0 visibility, slow feedback thing is a
hindrance. A good app with instant fake sqli feedback, with the option to view
the query live would be a great help. Sure, it's not realistic, but it's good
for beginners.

~~~
tokenizerrr
The application alert()'s the query when it is incorrect, which was pretty
helpful. It would have been better if the application's own queries contained
all the field names instead of *, though. So you wouldn't have to guess.

~~~
jand
Yes, that would be easier. I used google to find "xxxxxx".

Edit: Removed the spoiler. There is a SQLite statement showing the table
outline which works just fine. Hint: pragma

