SQL Injection — QA Sandbox

What is SQL Injection?

SQL injection is an attack where malicious SQL statements are inserted into an input field with the intent of manipulating the database query behind it. A successful injection can expose data, bypass authentication, or destroy records.

What is hidden here

True Positive	One input string is correctly detected and blocked
False Positive	One legitimate input is incorrectly rejected — try names with apostrophes
Bug Found	One SQLi string bypasses the filter entirely and breaks authentication
True Negative	Valid credentials log in successfully

Login Form

Suggested test inputs

Try admin / password123 for valid credentials
Try a name containing an apostrophe, like O'Brien
Try obvious destructive SQL like DROP TABLE users
Try a classic SQLi bypass — something that makes the WHERE clause always true