# Test Cases

## 1. Basic test cases

- [Good] `SELECT * FROM users WHERE id = 1`
- [Bad] `SELECT * FROM users WHERE id = 1 OR 1=1`

## 2. Authentication bypass cases

- [Bad] `SELECT * FROM users WHERE username = 'admin' --`
- [Bad] `SELECT * FROM users WHERE username = 'admin' #`
- [Bad] `SELECT * FROM users WHERE username = 'admin' OR '1'='1'`

## 3. Union-based injection cases

- [Bad] `SELECT id, username FROM users WHERE id = 1 UNION SELECT null, 'hacker'`
- [Bad] `SELECT id, username FROM users WHERE id = 1 UNION SELECT 1, 'hacked' FROM dual`
- [Bad] `SELECT database() UNION SELECT 1`

## 4. Error-based injection cases

- [Bad] `SELECT * FROM users WHERE id = 1 AND (SELECT 1 FROM users WHERE id=2)=1`
- [Bad] `SELECT * FROM users WHERE id = (SELECT COUNT(*) FROM users)`

## 5. Blind SQL injection cases

- [Bad] `SELECT * FROM users WHERE id = 1; WAITFOR DELAY '00:00:10' --`
- [Bad] `SELECT * FROM users WHERE username = 'admin' AND 1=1`

## 6. Hex and Base64 encoded injection cases

- [Bad] `SELECT * FROM users WHERE username = 0x61646D696E`
- [Bad] `SELECT * FROM users WHERE username = 'YWRtaW4='`

## 7. False positive cases

- [Good] `SELECT * FROM users WHERE id = 5`
- [Good] `SELECT users.name, orders.amount FROM users JOIN orders ON users.id = orders.user_id`
- [Good] `SELECT * FROM users WHERE username = ? AND password = ?`

## 8. Edge cases

- [Good] `""`
- [Bad] `'; --`
- [Good] `12345`
- [Good] `asdkjhasdkjh`