: Suppose, some database contains two tables:

The program requests a name and a password and outputs the personal number (ps_id) in addition to name (name) and password (passwd) (cf. Figure 1). This, of course, only happens, if the name - password combination matches the person's entry. To achieve this, the SQL-query shown above is created.

Task 1a) Which programming errors are exploited by SQL-Injection attacks?

Task 1b) How can you get all names and passwords in the table by a technique called SQL injection, although you have no idea, how many users are in that table or what their names are? Moreover, you don't know a single password! Show what to enter at both input fields!

Task 1b) Are you able to find out the number of products in the table products (number of products corresponds to the number of rows in table)? If yes: Show what to enter at both input fields!

Hint 1: Assume, no measurements for the defence against SQL injection were taken.

Hint 2: Please note: You cannot change the program!

Hint 3: Please note: You have no direct database account. That is, you cannot enter any complete SQL statement!