cybersecurity · beginner · ~15 min · safe pentest lab

Is the query built by concatenation?

Spot unsafe query construction.

Challenge

Implement int risky_query_build(const char *code) returning 1 if the code builds SQL with "strcat" or "sprintf" (string concatenation), else 0.

Starter code

#include <string.h>

int risky_query_build(const char *code) {
    /* TODO */
    return 0;
}
