Miscellaneous bug fixes

divide by zero, inaccurate discount and totals, reflection of user input


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@273 4033779f-a91e-0410-96ef-6bf7bf53c507

main/project/WebContent/lesson_plans/DBSQLInjection.html

@@ -0,0 +1,16 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Perform SQL Injection</p>
+</div>
+<p><b>Concept / Topic To Teach:</b></p>
+<!-- Start Instructions -->
+It is always a good practice to scrub all inputs, especially those
+inputs that will later be used as parameters to OS commands, scripts,
+and database queries. Users should not be able to alter the intent of
+commands that are executed on the server, in many cases as a privileged user.
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b></p>
+For this exercise, you will perform a SQL Injection attack.
+You will also implement code changes in the database to defeat
+these attacks.
+<br>
+