
I'm really frustrated


ghost:

I may understand that my message can be a call into a void, but I'm really frustrated with the single answer that is accepted for many of the challenges. For example, in chall 18 it does not accept u* select n***, etc… without from, but this is legal in MySQL. The worst thing is that if you give a correct but malformed request and the system does not accept it, then you start thinking in a different direction. Maybe the variety of answers and behaviour of some challenges should be reconsidered? AFAIK I'm not alone…


ghost:

Yes, you told me that and I do understand it. I can help modify your testing scripts if it helps. 'Cause I've tried blind inj in ch18 for about 4 hours and could not understand why 1=1 works and 2=2 does not, and why my select 1,1,… does not work. At last I've read an article here about blind… and did it in 20 secs, but I don't like to use a ready-made solution; it doesn't teach you.


ghost:

No one cares about doing the challenges really. If you find they don't teach you anything then it's time to move on.


ghost:

Honestly, I don't know what you expect from a simulation. Do you want the authors to integrate every possible blind SQL injection?

Or would you rather have the authors add a comment with the exact query you have to perform in a riddle, as in Basic 1? Is that enough 'real life' for you?

Take Web Patching, for example: you have to use functions like addslashes() against SQL injections.

I personally wouldn't even go for the ancient mysql_* functions; even mysql_real_escape_string() needs an open MySQL connection, otherwise you'll have insecure escaping.

What I'm trying to say is that in 'real life' I could, for example, use PDO against SQL injections; that way I won't have to escape parameters, simply because I can bind them like a real database API. But obviously it's not gonna accept that as an answer; in the end, it's a simulation.
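As an added illustration of the contrast drawn in this post (not code from the thread, the challenge, or HBH), here is the escaping approach the Web Patching challenge expects next to the PDO binding approach; the `users` table, the `name` request parameter and the credentials are assumed, and mysqli stands in for the removed mysql_* functions.

```php
<?php
// Escaping approach, as in the Web Patching challenge: the value is still
// spliced into the SQL text. addslashes() knows nothing about the connection
// charset; mysqli::real_escape_string() does, but only with an open
// connection, which is the point made above. Either way the query is only
// as safe as every single call site remembering to escape.
function lookupWithEscaping(mysqli $db, string $name): array
{
    $safe = $db->real_escape_string($name);           // connection-aware
    $sql  = "SELECT id, name FROM users WHERE name = '" . $safe . "'";
    $result = $db->query($sql);
    return $result ? $result->fetch_all(MYSQLI_ASSOC) : [];
}

// Binding approach: the statement is sent first and the data separately,
// so the parameter value can never change the statement's structure.
function lookupWithBinding(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Connection setup (assumed host, database and placeholder credentials).
// Declaring the charset in the DSN keeps client and server in agreement;
// turning off emulated prepares makes the server do the binding.
$pdo = new PDO(
    'mysql:host=localhost;dbname=app;charset=utf8mb4',
    'app_user',
    'app_password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

$rows = lookupWithBinding($pdo, $_GET['name'] ?? '');
```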


ghost:

What comes to mind first: in chall 18 the script checks the output, and if there is more than one result and it is not a figure, then write something like "you're close", or if it meets u* s*. Using frameworks has the drawback of unknown security issues and performance. By the way, all frameworks are also written by someone - that's real life )