From b15e3e934d18e232bea05c6dc3d4d82dffdcbdbb Mon Sep 17 00:00:00 2001
From: sheeley18
Date: Fri, 17 Oct 2025 11:09:47 -0400
Subject: [PATCH] Add SQL injection example
---
 src/SQLInjection.java | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 src/SQLInjection.java
diff --git a/src/SQLInjection.java b/src/SQLInjection.java
new file mode 100644
index 00000000..b784de26
--- /dev/null
+++ b/src/SQLInjection.java
@@ -0,0 +1,9 @@
+import java.sql.*;
+import javax.servlet.http.HttpServletRequest;
+
+public class SQLInjection {
+ public static ResultSet doQuery(HttpServletRequest request, Connection connection) throws SQLException {
+ String customerName = request.getParameter("customerName");
+ String query = "SELECT account_balance FROM user_data WHERE user_name = " + customerName;
+ Statement statement = connection.createStatement();
+ ResultSet results = statement.executeQuery(query);
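Review bot: The `String query = ...` line in `doQuery` concatenates the `customerName` request parameter into the statement text, so the value is parsed as SQL instead of being bound as data. The subject line suggests this is a deliberate example, but nothing in the file says so; a header comment such as `// Intentionally vulnerable sample: demonstration only, do not reuse` would stop it being copied as working code. The hunk declares nine added lines and all nine are visible, so the file as committed ends after `executeQuery` with no `return` and no closing braces and will not compile. If a corrected counterpart is wanted alongside the example, bind the value through a `PreparedStatement` as sketched below; because the `ResultSet` is returned, closing the statement would presumably fall to the caller.

```java
        String customerName = request.getParameter("customerName");
        // The placeholder keeps the value out of the SQL text; the driver binds it as data.
        String query = "SELECT account_balance FROM user_data WHERE user_name = ?";
        PreparedStatement statement = connection.prepareStatement(query);
        statement.setString(1, customerName);
        return statement.executeQuery();
```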