Lesson Plan Title: How to Perform SQL Injection

Concept / Topic To Teach:

It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. Users should not be able to alter the intent of commands that are executed on the server, in many cases as a privileged user.

General Goal(s):

For this exercise, you will perform a SQL Injection attack. You will also implement code changes in the database to defeat these attacks.