#StringSqlInjection.java
StringSqlInjectionSecondStage=Now that you have successfully performed an SQL injection, try the same type of attack on a parameterized query.  Restart the lesson if you wish to return to the injectable query.
EnterLastName=Enter your last name:
NoResultsMatched=No results matched. Try Again.
SqlStringInjectionHint1=The application is taking your input and inserting it at the end of a pre-formed SQL command.
SqlStringInjectionHint2=This is the code for the query being built and issued by WebGoat:<br><br> "SELECT * FROM user_data WHERE last_name = "accountName"
SqlStringInjectionHint3=Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. Try appending a SQL statement that always resolves to true
SqlStringInjectionHint4=Try entering [ smith' OR '1' = '1 ].
SqlStringInjectionHint5=First try to find out the number of columns by adding a group by 1,2,3 etc to the query.
SqlStringInjectionHint6=Try adding a union to the query, the number of columns should match.
SqlStringInjectionHint7=Try entering [ Smith' union select userid,user_name, password,cookie,cookie, cookie,userid from user_system_data -- ].
SqlStringInjectionHint8=Try sorting and look at the request
SqlStringInjectionHint9=Intercept the request and try to specify a different order by
SqlStringInjectionHint10=Use for example "(case when (true) then hostname else id end)" in the order by and see what happens
SqlStringInjectionHint11=Use for example "(case when (true) then hostname else id end)" in the order by and see what happens

sql-injection.5a.success=You have succeed: {0}
sql-injection.5a.no.results=No results matched. Try Again.

sql-injection.5b.success=You have succeed: {0}
sql-injection.5b.no.results=No results matched. Try Again.

sql-injection.6a.success=You have succeed: {0}
sql-injection.6a.no.results=No results matched. Try Again.

sql-injection.6b.success=You have succeed: {0}
sql-injection.6b.no.results=No results matched. Try Again.