Safe SQLi & Input Validation Demo (Local)

This page is a safe simulation for classroom demonstration. It does not attack any real database. It shows what a vulnerable query might look like and simulates outcomes for teaching purposes.

Email / Username Password Log in (simulate)

Simulated constructed SQL query

-- shows constructed SQL here --

Simulated Request Body (what a browser would send)

-- request body here --

Simulated Server Log

-- server log entries --

Input Validation Check (try these)

Paste or type the following examples into the username or the bio field on the form below to see how the app handles them.

• ' OR '1'='1 — classic tautology payload (simulated)
• <script>alert(1)</script> — demonstrates reflected XSS when echoed unsafely (simulated)
• Very long string (5000 characters) — boundary test

Mini form to demonstrate echo/escaping

Bio (will be echoed below) Echo Bio (simulate server response)