cs161-staff / textbook

Online textbook for CS 161: Computer Security at UC Berkeley.
https://textbook.cs161.org/

[typo] SQLi uses inconsistent quotes #27

Closed peyrin closed 5 months ago

peyrin commented 1 year ago

https://edstem.org/us/courses/23185/discussion/1640701

peyrin commented 11 months ago

Got another email, looks like a duplicate of this. (text of email below)

In the example in 17.3 SQLi strategy, the malicious SQL is provided as

SELECT password FROM passwords WHERE username = "admin

I think a single quotation mark is needed to pair with the quotation mark right after the input placeholder

SELECT rating FROM evals WHERE course = '%s'
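The quoting point raised in the email, as an added example that is not from the textbook or this repository: the quote character in the query template decides which character in the input ends the string literal. The names `evals`, `course` and `rating` follow the textbook's query; the table contents and the `Bob's Seminar` course name are constructed.

```python
import sqlite3

# The textbook's template, quoted with single quotes around the placeholder.
TEMPLATE = "SELECT rating FROM evals WHERE course = '%s'"


def make_db():
    """Constructed in-memory table with the shape the textbook query expects."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE evals (course TEXT, rating INTEGER)")
    conn.executemany(
        "INSERT INTO evals VALUES (?, ?)",
        [("CS 161", 5), ("CS 161", 4), ("CS 61A", 3), ("Bob's Seminar", 2)],
    )
    return conn


def rendered_query(course):
    """The exact SQL text the template produces for a given input.  A single
    quote in the input closes the literal early; a double quote stays data."""
    return TEMPLATE % course


def ratings_unsafe(conn, course):
    """String-format the value into the template (the pattern the textbook
    warns about).  Returns sorted ratings, or an error string when the
    rendered query no longer parses, which is what an apostrophe causes."""
    try:
        return sorted(r for (r,) in conn.execute(rendered_query(course)))
    except sqlite3.OperationalError as e:
        return "error: %s" % e


def ratings_safe(conn, course):
    """Parameterized form: the driver binds the value, so no quote character
    appears in the SQL text and an apostrophe in the input is ordinary data."""
    rows = conn.execute(
        "SELECT rating FROM evals WHERE course = ?", (course,)
    )
    return sorted(r for (r,) in rows)
```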