SQL injection interactive tutorial using SQL.js (github.com/benjamingr)
62 points by inglor on Sept 11, 2015 | 5 comments



Very interesting idea, but I don't think the example application is a good tutorial at all.

When teaching people SQLi the whole 0 visibility, slow feedback thing is a hindrance. A good app with instant fake sqli feedback, with the option to view the query live would be a great help. Sure, it's not realistic, but it's good for beginners.


The application alert()'s the query when it is incorrect, which was pretty helpful. It would have been better if the application's own queries contained all the field names instead of *, though. So you wouldn't have to guess.


Yes, that would be easier. I used Google to find "xxxxxx".

Edit: Removed the spoiler. There is a SQLite statement showing the table outline which works just fine. Hint: pragma


That's a good idea, a PR would be appreciated but I can also add this myself.


This tutorial comes with a ppt presentation that explains how to use it. Sadly I do not hold the copyright to that and it's in a foreign language - I do intend to write a new presentation that explains it. We `alert` the query when it fails in several places.

It's also targeting 10th grade kids, so it's full of internet humor intentionally.



