Added testcase for SQL injection lesson

webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties

@@ -1,12 +1,13 @@
 #StringSqlInjection.java
 StringSqlInjectionSecondStage=Now that you have successfully performed an SQL injection, try the same type of attack on a parameterized query.  Restart the lesson if you wish to return to the injectable query.
 EnterLastName=Enter your last name:
-NoResultsMatched=No results matched.  Try Again.
+NoResultsMatched=No results matched. Try Again.
 SqlStringInjectionHint1=The application is taking your input and inserting it at the end of a pre-formed SQL command.
 SqlStringInjectionHint2=This is the code for the query being built and issued by WebGoat:<br><br> "SELECT * FROM user_data WHERE last_name = "accountName"
 SqlStringInjectionHint3=Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. Try appending a SQL statement that always resolves to true
 SqlStringInjectionHint4=Try entering [ smith' OR '1' = '1 ].
-
+SqlStringInjectionHint5=Try adding a union to the query, the number of columns should match.
+SqlStringInjectionHint6=Try entering [ Smith' union select userid,user_name, password,cookie,cookie, cookie,userid from user_system_data -- ].
 
 sql-injection.5a.success=You have succeed: {0}
 sql-injection.5a.no.results=No results matched. Try Again.