From d3f05ce4a4042fb9233ccc18d7e026049edb0f83 Mon Sep 17 00:00:00 2001
From: git-sandro
Date: Fri, 17 Apr 2026 10:22:46 +0200
Subject: [PATCH] SQL Injectionn
---
 notebooks/SQL-Injectionn mit Code.ipynb | 29 +++++++++++--------------
 1 file changed, 13 insertions(+), 16 deletions(-)
diff --git a/notebooks/SQL-Injectionn mit Code.ipynb b/notebooks/SQL-Injectionn mit Code.ipynb
index b3b41fa..40b29bc 100644
--- a/notebooks/SQL-Injectionn mit Code.ipynb
+++ b/notebooks/SQL-Injectionn mit Code.ipynb
@@ -27,12 +27,12 @@
 },
 {
 "cell_type": "code",
- "execution_count": 17,
+ "execution_count": 2,
 "metadata": {},
 "outputs": [],
 "source": [
- "# als nächstes bauen wir unsere Verbindung auf, legen eine Tabelle an und füllen diese mit zwei Usern:\n",
- "conn = psycopg2.connect (\"dbname=7Wochen user=postgres password=postgres\")\n",
+ "# als nächstes bauen wir unsere Verbindung auf, legen eine Tabelle an und füllen diese mit zwei Usern (bitte eigene Datenbank auswählen):\n",
+ "conn = psycopg2.connect (\"dbname=7Wochen user=su password=postgres\")\n",
 "\n",
 "cursor = conn.cursor(cursor_factory=psycopg2.extras.RealDictCursor)\n",
 "\n",
@@ -52,7 +52,7 @@
 },
 {
 "cell_type": "code",
- "execution_count": 18,
+ "execution_count": 3,
 "metadata": {},
 "outputs": [
 {
@@ -62,7 +62,7 @@
 " RealDictRow([('id', 2), ('username', 'user2'), ('password', 'password2')])]"
 ]
 },
- "execution_count": 18,
+ "execution_count": 3,
 "metadata": {},
 "output_type": "execute_result"
 }
@@ -84,7 +84,7 @@
 },
 {
 "cell_type": "code",
- "execution_count": 27,
+ "execution_count": 4,
 "metadata": {},
 "outputs": [
 {
@@ -129,14 +129,14 @@
 },
 {
 "cell_type": "code",
- "execution_count": 28,
+ "execution_count": 5,
 "metadata": {},
 "outputs": [
 {
 "name": "stdout",
 "output_type": "stream",
 "text": [
- "FEHLER: Zeichenkette in Anführungszeichen nicht abgeschlossen bei »'''«\n",
+ "unterminated quoted string at or near \"'''\"\n",
 "LINE 1: SELECT * FROM users WHERE username='user1' AND password='''\n",
 " ^\n",
 "\n"
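Review bot: The connection cell in the `@@ -27,12 +27,12 @@` hunk still carries the role and password as literals (`user=su password=postgres`), and the new hint "bitte eigene Datenbank auswählen" asks each reader to edit their own values into a file that is committed together with its outputs. Taking them from the environment keeps credentials out of the notebook: `conn = psycopg2.connect(dbname=os.environ["PGDATABASE"], user=os.environ["PGUSER"], password=os.environ["PGPASSWORD"])` (this needs `import os`; the import cell is outside the hunk). If `su` is a superuser role, which the name suggests but the hunk does not show, the injection exercise also runs with far more privilege than a `SELECT` on `users` needs, so a dedicated low-privilege role would be the safer default.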
@@ -171,7 +171,7 @@
 },
 {
 "cell_type": "code",
- "execution_count": 29,
+ "execution_count": 6,
 "metadata": {},
 "outputs": [
 {
@@ -210,17 +210,14 @@
 },
 {
 "cell_type": "code",
- "execution_count": 37,
+ "execution_count": 7,
 "metadata": {},
 "outputs": [
 {
 "name": "stdout",
 "output_type": "stream",
 "text": [
- "FEHLER: Zeichenkette in Anführungszeichen nicht abgeschlossen bei »' OR 1=1 --«\n",
- "LINE 1: ...CT * FROM users WHERE username=user1 AND password=' OR 1=1 -...\n",
- " ^\n",
- "\n"
+ "Login fehlgeschlagen\n"
 ]
 }
 ],
@@ -230,7 +227,7 @@
 "password = \"' OR 1=1 --\"\n",
 "\n",
 "try:\n",
- " cursor.execute(f\"SELECT * FROM users WHERE username={username} AND password={password}\")\n",
+ " cursor.execute(f\"SELECT * FROM users WHERE username=%s AND password=%s\", (username, password))\n",
 " user = cursor.fetchone()\n",
 "\n",
 " if user:\n",
@@ -269,7 +266,7 @@
 "name": "python",
 "nbconvert_exporter": "python",
 "pygments_lexer": "ipython3",
- "version": "3.12.8"
+ "version": "3.13.9"
 }
 },
 "nbformat": 4,
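Review bot: The parameterised call in the `@@ -230,7 +227,7 @@` hunk keeps the `f` prefix on a string that no longer interpolates anything. It has no effect today, but it makes the safe line look like the vulnerable one and lets a later `{username}` slip back in with no other change to the line; a plain literal is clearer: `cursor.execute("SELECT * FROM users WHERE username=%s AND password=%s", (username, password))`. Since the cell is teaching material, a comment above the call such as `# values are passed separately from the SQL text, never formatted into the string` would say why this version rejects the `' OR 1=1 --` input. The `try:` block continues past the end of the hunk.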