Code Room
Coding · Medium · cod-g1005
Subject: Security · Level: Mid–Senior · ~18 min · Common in Security · Databases & SQL interviews · Industries: Software development

Question

Implement a heuristic SQL-injection detector for a web application firewall. Given a `query` string (raw user input), return True if it contains any of these suspicious patterns (case-insensitive): a tautology like ' OR '1'='1 (an apostrophe, optional whitespace, 'or', whitespace, optional apostrophe, '1', optional apostrophe, optional whitespace, '=', optional whitespace, optional apostrophe, '1'); a '; DROP TABLE' statement; a SQL comment '--'; or a 'UNION SELECT' clause (with whitespace between). Otherwise return False. This is a heuristic, not a parser.

Implement
detect_sqli(query: str) → bool
Examples
Input: `"admin' OR '1'='1"` → Output: `True`
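A reference implementation of the heuristic described above, added here as a worked example rather than a solution supplied by the Code Room prompt. The pattern names and the `matched_patterns` helper are my own additions (useful for WAF logging, since a rule that says *which* signature fired is easier to tune), and the sample inputs are constructed.

```python
import re

# Heuristic SQL-injection signatures, one per pattern in the task statement.
# All are matched case-insensitively. This is a heuristic, not a SQL parser:
# obfuscated payloads (encoding, inline comments, alternative tautologies) will
# slip through, and benign text such as a literal "--" will be flagged.
SUSPICIOUS_PATTERNS = {
    # ' OR '1'='1 : apostrophe, optional ws, OR, ws, optional apostrophe, 1,
    #               optional apostrophe, optional ws, =, optional ws,
    #               optional apostrophe, 1
    "tautology": re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.IGNORECASE),
    # ; DROP TABLE (whitespace after ';' optional, at least one between words)
    "drop_table": re.compile(r";\s*drop\s+table", re.IGNORECASE),
    # SQL line comment
    "comment": re.compile(r"--"),
    # UNION SELECT with at least one whitespace character between the keywords
    "union_select": re.compile(r"union\s+select", re.IGNORECASE),
}


def matched_patterns(query: str) -> list[str]:
    """Return the names of every signature found in `query`, in table order."""
    return [name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(query)]


def detect_sqli(query: str) -> bool:
    """True if any suspicious pattern is present; False otherwise.

    Empty input contains no pattern and therefore returns False.
    Time is O(len(query)) per pattern; extra space is O(1).
    """
    return bool(matched_patterns(query))


if __name__ == "__main__":
    # Constructed sample inputs: two benign, four suspicious.
    samples = [
        "",
        "O'Brien",
        "admin' OR '1'='1",
        "x'; DROP TABLE users;--",
        "1 UNION\tSELECT username FROM users",
        "prices are -- sort of -- negotiable",   # benign text, still flagged
    ]
    for s in samples:
        print(f"{detect_sqli(s)!s:5} {matched_patterns(s)!r:28} {s!r}")
```

The last sample shows the false-positive cost of the `--` rule, which is the usual reason such a signature is logged and rate-limited rather than blocked outright.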
What a strong answer looks like

State your approach and its time/space complexity out loud before you optimize. Handle the edge cases (empty input, duplicates, overflow), and say why you chose this over the brute force. Green tests are the floor, not the grade.

Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.
