This is intended to take place interactively with the instructor observing and helping as needed.
Part 1: Become familiar with basic SQL query elements
Use this online SQL interpreter: https://www.w3schools.com/sql/trysql.asp?filename=trysql_asc
- Look at the databases
- Try a “Where” clause to select one row
- Try “Where” to select multiple rows
- Try “Where” that is always true
Part 2: Experiment with SQL injection
Follow the example on this web page: https://www.codingame.com/playgrounds/154/sql-injection-demo/sql-injection
Try logging in with both the actual password and with the bogus injection statement.
I find it’s easiest to have a text editor nearby and open. Construct your SQL injection in the text editor and then paste it into the password field. Try different “true” expressions.
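To see why an always-true expression from Part 1 defeats the login check in Part 2, the following added example (not code from either linked site) builds the same query two ways against an in-memory SQLite database. The table layout, user names, passwords and function names are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one table, two users (not from the linked demo).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct-horse"), ("bob", "hunter2")])
    return db

def login_concatenated(db, name, password):
    # Vulnerable form: user input is pasted into the SQL text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return sql, sorted(r[0] for r in db.execute(sql))

def login_parameterized(db, name, password):
    # Hardened form: placeholders keep the input as data, never as SQL.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sql, sorted(r[0] for r in db.execute(sql, (name, password)))

if __name__ == "__main__":
    db = make_db()
    attempts = [("alice", "correct-horse"),   # actual password
                ("alice", "wrong"),           # rejected by both forms
                ("alice", "' OR '1'='1"),     # always-true expression
                ("alice", "' OR 2>1 --")]     # a different "true" expression
    for name, pw in attempts:
        sql, rows = login_concatenated(db, name, pw)
        print("concatenated :", sql, "->", rows)
        _, rows = login_parameterized(db, name, pw)
        print("parameterized:", repr(pw), "->", rows)
```

Printing the concatenated SQL text next to its result shows how the WHERE clause changes shape once the input contains a quote, which is the same thing you observe when pasting from the text editor into the password field.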