Created in August 2009, when I was working on my book The Web Security Testing Cookbook. One of the first parodies I thought up. I am sorry that my singing is so terrible. This one might be worth remaking...
Lyrics
I see your input's not validated properly
You have to check it at all tiers: 1, 2 and 3
Give me a browser and quite soon you will agree.
There must be 50 ways to inject your SQL

You see it really is my business to intrude
The CTO wants to see this web app broke into
Turn on my proxy and all doubt will be removed.
There must be 50 ways to inject your SQL
50 ways to inject your SQL

Try a quick hack, Jack
Add a new row, Joe
Try an insert, Kurt
Change their SQL query

Evade the regex, Rex
Encode it all in hex
Unbalance the quotes, Vinod
And change the query

Break the syntax, Max
Use a backslash, Cash
Try command shell, Mel,
And change the query

Use "one equals one," son,
Unhandled exception!
Read the stack trace, ace
and change the query

He said our application is secure against your kind
There are no simple vulnerabilities to find
I said your coders write their code like they are blind,
there must be 50 ways to inject your SQL

He said our logs show unexpected funds were sent
It's probably time we started using PreparedStatements
I said I'm glad you're seeing what I meant,
there were 50 ways to inject your SQL
50 ways to inject your SQL

Break the syntax, Max
Use a backslash, Cash
Try command shell, Mel,
And change the query

Use "one equals one," son,
Unhandled exception!
Read the stack trace, ace
and change the query

Try a quick hack, Jack
Add a new row, Joe
Try an insert, Kurt
Change their SQL query

Evade the regex, Rex
Encode it all in hex
Unbalance the quotes, Vinod
And change the query