This content originally appeared on DEV Community and was authored by Mohammad Shams
Hey folks 
As part of my self-learning journey into cybersecurity, I wanted to better understand SQL injection β not just by reading, but by testing. So I built a small command-line tool to help simulate and detect potential SQLi patterns in GET parameters.
The Tool
Itβs nothing fancy β just a simple PHP script that:
- Takes a URL with query parameters
- Injects common SQLi payloads (like
' OR 1=1 --) - Sends requests and checks for keyword-based anomalies in responses
GitHub repo: SQL Injection Tester
What I Broke (and Fixed)
At one point, I tested this against a test WordPress site I set up… and accidentally messed with a pluginβs query.
Nothing crashed, but I got a good scare. Lesson learned: always test safely 
What I Learned
- The difference between reflective vs blind injection
- How servers react differently to invalid queries
- Why pattern matching alone isn’t enough for real detection
Whatβs Next?
Iβm thinking of:
- Adding POST support
- Highlighting response diffs
- Maybe integrating with Burp logs later?
If youβre learning security too, check it out. Itβs raw and beginner-level, but Iβm proud of it!
Cheers,
Mohammad
This content originally appeared on DEV Community and was authored by Mohammad Shams