The demo uses small JavaScript arrays instead of a real database, so the page stays safe to run publicly.
const sqliDb = {
users: [
{ username: 'admin', password: 'hunter2' },
{ username: 'alice', password: 'p@ssw0rd' }
],
products: [
{ name: 'Running Shoes', price: '$89.99' }
]
};if (/union\s+select/i.test(value)) {
// Return fake rows to show what a leak
// could look like in a real app.
}