This is intended to take place interactively with the instructor observing and helping as needed.

First, become familiar with basic SQL query elements

Use this online SQL interpreter: https://www.w3schools.com/sql/trysql.asp?filename=trysql_asc

1. Look at the databases
2. Try a “Where” clause to select one row
3. Try “Where” to select multiple rows
4. Try “Where” that is always true

Part 2: Experiment with SQL injection

Follow the example on this web page: https://www.codingame.com/playgrounds/154/sql-injection-demo/sql-injection

Try logging in with both the actual password and with the bogus injection statement.

I find it’s easiest to have a text editor nearby and open. Construct your SQL injection in the text editor and then paste it into the password field. Try different “true” expressions.