Skip to content

CS 374, Spring 2026

Apr 21: SQL Injection, Hotel queries

CS 374, Spring 2026

Home
Syllabus
Calendar
Homework
Homework
Labs
Labs
- SQLite (DB Browser)
Notes
Notes
- Week 1: Introduction
  Week 1: Introduction
  - Jan 20: Course Overview
  - Jan 22: Relational Model & SQL Basics
- Week 2: Relational Model
  Week 2: Relational Model
  - Jan 27: Relational Algebra, SQL Joins
  - Jan 29: Running SQL in Python
- Week 3: ER/EER Models
  Week 3: ER/EER Models
  - Feb 03: Entity-Relationship Model
  - Feb 05: Enhanced ER Model (EER)
- Week 4: Database Design
  Week 4: Database Design
  - Feb 10: No Class (Assessment Day)
  - Feb 12: EER Modeling
- Week 5: EER to Relational
  Week 5: EER to Relational
  - Feb 17: EER Modeling
  - Feb 19: Test 1, HW3
- Week 6: Intermediate Queries
  Week 6: Intermediate Queries
  - Feb 24: EER-Relational Mapping; DBML
  - Feb 26: postgreSQL
- Week 7: Data Generation
  Week 7: Data Generation
  - Mar 03: SQL Joins and the TPCH database
  - Mar 05: SSH Tunnel, venv, faker
- Week 8: Complex Queries
  Week 8: Complex Queries
  - Mar 10: generate SQL DDL, faker
  - Mar 12: Build database, Python faker
- Week 9: Object-Relational
  Week 9: Object-Relational
  - Mar 24: Review for Test 2
  - Mar 26: Test 2
- Week 10: Advanced SQL
  Week 10: Advanced SQL
  - Mar 31: Set Ops & Subqueries
  - Apr 02: Window Functions and Views
- Week 11: Indexes
  Week 11: Indexes
  - Apr 07: Normalization
  - Apr 09: Build and populate a database
- Week 12: SQL Functions/Procedures
  Week 12: SQL Functions/Procedures
  - Apr 14: Transactions and SQL Functions
  - Apr 16: NoSQL and MongoDB
- Week 13: NoSQL Databases
  Week 13: NoSQL Databases
  - Apr 21: SQL Injection, Hotel queries Apr 21: SQL Injection, Hotel queries
    Table of contents
    
    Lesson
    
    Your To-Do List
  - Apr 23: Indexes and Query Optimizer
- Week 14: Database Security
  Week 14: Database Security
  - Apr 28: HW8 Work Day
  - Apr 30: SQL Test
- Week 15: Course Wrap-Up
  Week 15: Course Wrap-Up
  - May 05: Final Review, Logistics

Apr 21: SQL Injection, Hotel queries

Learning Objectives

After today's class, you should be able to:

Understand database security issues including SQL injection.

Lesson¶

Resubmit last week's in-class exercise, if necessary.

Slides Database Security

Example vulnerable application:

hack.py
hack.html
- Input 1: '; DROP TABLE account; --
- Input 2: <script>alert("Hi");</script>
Discuss HW7 and introduce HW8

Your To-Do List¶

Start working on HW8