From 9a0995dae58de55eef9791c8ebf598b9004e7cc5 Mon Sep 17 00:00:00 2001 From: MaDuck Date: Mon, 28 May 2018 16:53:23 +0200 Subject: [PATCH] Fixed column name on sql injection lesson 6 --- .../resources/lessonPlans/en/SqlInjection_content5a.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content5a.adoc b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content5a.adoc index d0f4ff51e..4b534d4bc 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content5a.adoc +++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content5a.adoc @@ -2,9 +2,9 @@ The query in the code builds a dynamic query as seen in the previous example. The query in the code builds a dynamic query by concatenating strings making it susceptible to String SQL injection: -------------------------------------------------------- -"select * from users where name = ‘" + userName + "'"; -------------------------------------------------------- +------------------------------------------------------------ +"select * from users where LAST_NAME = ‘" + userName + "'"; +------------------------------------------------------------ Using the form below try to retrieve all the users from the users table. You shouldn't need to know any specific user name to get the complete list, however you can use 'Smith' to see the data for one user.
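Review bot: The added line "select * from users where LAST_NAME = ‘" + userName + "'"; still opens the SQL string literal with a typographic quote (‘) and closes it with an ASCII apostrophe ('), so the query shown to the learner has mismatched quote characters. Since this line is being changed anyway, replace ‘ with ' so the listing shows exactly the quoting that the concatenated userName sits inside; this matters in a string SQL injection lesson, where the reader has to reason about balancing that quote. The unchanged context above the listing also says "The query in the code builds a dynamic query" in two consecutive sentences, which could be merged into one in the same change.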