SQL Injection

Knowledge of SQL and SQL injection is a requirement of GCSE Computer Science courses. This page aims to give students an understanding of how SQL is used by web-pages, e.g. for authentication, and how that can lead to a vulnerability called SQL Injection. You can see valid usernames and passwords at the foot of the page - along with a link to a video that explains how the page works - but your challenge is to see if you can "log in" without using them. When you click the Login button you will be taken to another page that shows you how SQL is used to authenticate the user.

Log-In


NB. A real login page would obscure the password, e.g. with spots or asterisks, but that makes it more difficult to edit the SQL.

Valid User Details

You can use the details below to log in - but can you gain access without using the correct username and password? You might want to look at the pages on SQL injection at W3Schools and in Wikipedia.

UsernamePasswordForenameSurname
jb123JoeBloggs
daveleedsDavidBrent
bob808RobertRobinson

You can watch an explanation of how this page works on the Computing and ICT in a Nutshell YouTube channel.