API Client

SQL Injection Demo · Originally Express + SQLite

OriginalEnhanced

Educational demo showing vulnerable vs safe SQL queries against a real database. The visitor-facing form lives at /sql-injection-demo — this card is the structured-inspection lab. Museum carve-out: writes require GitHub sign-in (every attempt audited under your GitHub login), the locked-down `sql_demo_runner` Postgres role keeps blast radius scoped to sql_demo.users — UNION SELECT against auth.user or sql_demo.audit_log returns permission denied.

  • Open the visitor-facing form

Live endpoints backed by a real database.

Bands, events, stages — source-faithful CRUD.

Book inventory CRUD + the admin HTML served alongside.

Restaurant reviews, threaded comments, museum-gated auth.

Vulnerable + safe SQL queries against a real database.

/api/music-tour
•
/api/admin-portal
•
/api/rest-rant
•
/api/sql-demo
/api/music-tour
/api/admin-portal
/api/rest-rant
/api/sql-demo
Response
Select an endpoint from the left, then click Send