Apr 11: SQL Injection, Debugging

Learning Objectives

After today's class, you should be able to:

  • Describe three ways that SQL can be embedded in other languages.
  • Demonstrate how to perform and prevent an SQL injection attack.

Lesson Outline

Mini Lecture [25 min]

zyBooks Chapter 9

SQL Injection and Security

Example vulnerable application:

  • hack.py
  • hack.html
    • Input 1: '; DROP TABLE account; --
    • Input 2: <script>alert("Hi");</script>
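The two inputs above, run against a vulnerable and a hardened handler. This is an added example, not the course's hack.py: the `account` table's single `name` column, the function names, the use of SQLite, and the assumption that Input 2 is echoed back into an HTML page are all constructed for illustration.

```python
import html
import sqlite3

INPUT_1 = "'; DROP TABLE account; --"        # Input 1 from the lesson
INPUT_2 = '<script>alert("Hi");</script>'    # Input 2 from the lesson

def new_db():
    """In-memory database with a constructed one-column account table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account (name TEXT)")
    conn.execute("INSERT INTO account VALUES ('alice')")
    conn.commit()
    return conn

def table_exists(conn):
    q = "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='account'"
    return conn.execute(q).fetchone()[0] == 1

def lookup_vulnerable(conn, name):
    # Input is pasted into the SQL text, so a quote ends the string literal.
    # executescript() stands in for a driver that runs stacked statements.
    conn.executescript("SELECT * FROM account WHERE name = '" + name + "'")

def lookup_safe(conn, name):
    # The ? placeholder passes the input as data; it is never parsed as SQL.
    return conn.execute("SELECT name FROM account WHERE name = ?", (name,)).fetchall()

def render_vulnerable(name):
    # Input is pasted into the markup, so the browser sees a real <script> tag.
    return "<p>Hello, " + name + "</p>"

def render_safe(name):
    # html.escape() turns <, >, & and quotes into entities shown as text.
    return "<p>Hello, " + html.escape(name) + "</p>"

def demo():
    results = {}
    conn = new_db()
    lookup_vulnerable(conn, INPUT_1)
    results["vulnerable_table_survives"] = table_exists(conn)
    conn = new_db()
    results["safe_rows"] = lookup_safe(conn, INPUT_1)
    results["safe_table_survives"] = table_exists(conn)
    results["vulnerable_html"] = render_vulnerable(INPUT_2)
    results["safe_html"] = render_safe(INPUT_2)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The same fix applies with other database drivers: keep the SQL text constant and pass user input through the driver's parameter mechanism, and escape any value at the point where it is written into HTML.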

Debugging [15 min]

Using example files from GP4

Work Time [35 min]

  • Make progress on GP4 queries and templates

Your To-Do List

  • Finish reading zyBook sections 9.1–9.5
  • Finish working on GP4 (due Monday)