•
•
•
/api/sql-demo
/api/sql-demo
Response
Select an endpoint from the left, then click Send
Educational demo showing vulnerable vs safe SQL queries against a real database. The visitor-facing form lives at /sql-injection-demo — this card is the structured-inspection lab. Museum carve-out: writes require GitHub sign-in (every attempt audited under your GitHub login), the locked-down `sql_demo_runner` Postgres role keeps blast radius scoped to sql_demo.users — UNION SELECT against auth.user or sql_demo.audit_log returns permission denied.
Select an endpoint from the left, then click Send